• Home
  • Deploy Dynatrace
  • Set up Dynatrace on cloud platforms
  • Amazon Web Services
  • Integrations
  • Amazon Web Services
  • Amazon Application and Network Load Balancer

Amazon Application and Network Load Balancer

Dynatrace ingests metrics for multiple preselected namespaces, including Amazon Application and Network Load Balancer. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need:

  • Any version of ActiveGate in both Dynatrace SaaS and Managed deployments.
    Note: For role-based access (whether in a SaaS or Managed deployment), you need an ActiveGate installed on an Amazon EC2 host.
  • An updated AWS monitoring policy to include the additional AWS services.
    To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all cloud services.
JSON predefined policy for all cloud services
json
{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "acm-pca:ListCertificateAuthorities", "apigateway:GET", "apprunner:ListServices", "appstream:DescribeFleets", "appsync:ListGraphqlApis", "athena:ListWorkGroups", "autoscaling:DescribeAutoScalingGroups", "cloudformation:ListStackResources", "cloudfront:ListDistributions", "cloudhsm:DescribeClusters", "cloudsearch:DescribeDomains", "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "codebuild:ListProjects", "datasync:ListTasks", "dax:DescribeClusters", "directconnect:DescribeConnections", "dms:DescribeReplicationInstances", "dynamodb:ListTables", "dynamodb:ListTagsOfResource", "ec2:DescribeAvailabilityZones", "ec2:DescribeInstances", "ec2:DescribeNatGateways", "ec2:DescribeSpotFleetRequests", "ec2:DescribeTransitGateways", "ec2:DescribeVolumes", "ec2:DescribeVpnConnections", "ecs:ListClusters", "eks:ListClusters", "elasticache:DescribeCacheClusters", "elasticbeanstalk:DescribeEnvironmentResources", "elasticbeanstalk:DescribeEnvironments", "elasticfilesystem:DescribeFileSystems", "elasticloadbalancing:DescribeInstanceHealth", "elasticloadbalancing:DescribeListeners", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeRules", "elasticloadbalancing:DescribeTags", "elasticloadbalancing:DescribeTargetHealth", "elasticmapreduce:ListClusters", "elastictranscoder:ListPipelines", "es:ListDomainNames", "events:ListEventBuses", "firehose:ListDeliveryStreams", "fsx:DescribeFileSystems", "gamelift:ListFleets", "glue:GetJobs", "inspector:ListAssessmentTemplates", "kafka:ListClusters", "kinesis:ListStreams", "kinesisanalytics:ListApplications", "kinesisvideo:ListStreams", "lambda:ListFunctions", "lambda:ListTags", "lex:GetBots", "logs:DescribeLogGroups", "mediaconnect:ListFlows", "mediaconvert:DescribeEndpoints", "mediapackage-vod:ListPackagingConfigurations", "mediapackage:ListChannels", "mediatailor:ListPlaybackConfigurations", "opsworks:DescribeStacks", "qldb:ListLedgers", "rds:DescribeDBClusters", "rds:DescribeDBInstances", "rds:DescribeEvents", "rds:ListTagsForResource", "redshift:DescribeClusters", "robomaker:ListSimulationJobs", "route53:ListHostedZones", "route53resolver:ListResolverEndpoints", "s3:ListAllMyBuckets", "sagemaker:ListEndpoints", "sns:ListTopics", "sqs:ListQueues", "storagegateway:ListGateways", "sts:GetCallerIdentity", "swf:ListDomains", "tag:GetResources", "tag:GetTagKeys", "transfer:ListServers", "workmail:ListOrganizations", "workspaces:DescribeWorkspaces" ], "Resource": "*" } ] }

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for all services (All monitored Amazon services) and, for each cloud service, a list of optional permissions specific to that service.

Complete list of permissions for cloud services
NameAdditional permissions
AWS Certificate Manager Private Certificate Authority"acm-pca:ListCertificateAuthorities"
All monitored Amazon services"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"sts:GetCallerIdentity",
"tag:GetResources",
"tag:GetTagKeys",
"ec2:DescribeAvailabilityZones"
Amazon MQ
Amazon API Gateway"apigateway:GET"
AWS App Runner"apprunner:ListServices"
Amazon AppStream"appstream:DescribeFleets"
AWS AppSync"appsync:ListGraphqlApis"
Amazon Athena"athena:ListWorkGroups"
Amazon Aurora"rds:DescribeDBClusters"
Amazon EC2 Auto Scaling"autoscaling:DescribeAutoScalingGroups"
Amazon EC2 Auto Scaling (built-in)"autoscaling:DescribeAutoScalingGroups"
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront"cloudfront:ListDistributions"
AWS CloudHSM"cloudhsm:DescribeClusters"
Amazon CloudSearch"cloudsearch:DescribeDomains"
AWS CodeBuild"codebuild:ListProjects"
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS)"eks:ListClusters"
AWS DataSync"datasync:ListTasks"
Amazon DynamoDB Accelerator (DAX)"dax:DescribeClusters"
Amazon Database Migration Service"dms:DescribeReplicationInstances"
Amazon DocumentDB"rds:DescribeDBClusters"
AWS Direct Connect"directconnect:DescribeConnections"
Amazon DynamoDB (built-in)"dynamodb:ListTables",
"dynamodb:ListTagsOfResource"
Amazon EBS (built-in)"ec2:DescribeVolumes"
Amazon EC2 API
Amazon EC2 (built-in)"ec2:DescribeInstances"
Amazon EC2 Spot Fleet"ec2:DescribeSpotFleetRequests"
Amazon Elastic Container Service (ECS)"ecs:ListClusters"
Amazon ECS ContainerInsights"ecs:ListClusters"
Amazon ElastiCache (EC)"elasticache:DescribeCacheClusters"
AWS Elastic Beanstalk"elasticbeanstalk:DescribeEnvironments"
Amazon Elastic File System (EFS)"elasticfilesystem:DescribeFileSystems"
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR)"elasticmapreduce:ListClusters"
Amazon Elasticsearch Service (ES)"es:ListDomainNames"
Amazon Elastic Transcoder"elastictranscoder:ListPipelines"
AWS Elastic Load Balancing (ELB) (built-in)"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth"
Amazon EventBridge"events:ListEventBuses"
Amazon FSx"fsx:DescribeFileSystems"
Amazon GameLift"gamelift:ListFleets"
AWS Glue"glue:GetJobs"
Amazon Inspector"inspector:ListAssessmentTemplates"
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka"kafka:ListClusters"
Amazon Kinesis Data Analytics"kinesisanalytics:ListApplications"
Amazon Kinesis Data Firehose"firehose:ListDeliveryStreams"
Amazon Kinesis Data Streams"kinesis:ListStreams"
Amazon Kinesis Video Streams"kinesisvideo:ListStreams"
AWS Lambda (built-in)"lambda:ListFunctions",
"lambda:ListTags"
Amazon Lex"lex:GetBots"
AWS Application and Network Load Balancer (built-in)"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth"
Amazon CloudWatch Logs"logs:DescribeLogGroups"
AWS Elemental MediaConnect"mediaconnect:ListFlows"
Amazon MediaConvert"mediaconvert:DescribeEndpoints"
Amazon MediaPackage Live"mediapackage:ListChannels"
Amazon MediaPackage Video on Demand"mediapackage-vod:ListPackagingConfigurations"
Amazon MediaTailor"mediatailor:ListPlaybackConfigurations"
Amazon VPC NAT Gateways"ec2:DescribeNatGateways"
Amazon Neptune"rds:DescribeDBClusters"
AWS OpsWorks"opsworks:DescribeStacks"
Amazon Polly
Amazon QLDB"qldb:ListLedgers"
Amazon RDS (built-in)"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource"
Amazon Redshift"redshift:DescribeClusters"
Amazon Rekognition
AWS RoboMaker"robomaker:ListSimulationJobs"
Amazon Route 53"route53:ListHostedZones"
Amazon Route 53 Resolver"route53resolver:ListResolverEndpoints"
Amazon S3"s3:ListAllMyBuckets"
Amazon S3 (built-in)"s3:ListAllMyBuckets"
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances"sagemaker:ListEndpoints"
Amazon SageMaker Endpoints"sagemaker:ListEndpoints"
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS)"sns:ListTopics"
Amazon Simple Queue Service (SQS)"sqs:ListQueues"
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway"storagegateway:ListGateways"
Amazon SWF"swf:ListDomains"
Amazon Textract
AWS IoT Things Graph
Amazon Transfer Family"transfer:ListServers"
AWS Transit Gateway"ec2:DescribeTransitGateways"
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN"ec2:DescribeVpnConnections"
Amazon WAF Classic
Amazon WAF
Amazon WorkMail"workmail:ListOrganizations"
Amazon WorkSpaces"workspaces:DescribeWorkspaces"

Example of JSON policy for one single service.

JSON policy for Amazon API Gateway
json
{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "apigateway:GET", "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", "ec2:DescribeAvailabilityZones" ], "Resource": "*" } ] }

In this example, from the complete list of permissions you need to select

  • "apigateway:GET" for Amazon API Gateway
  • "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All monitored Amazon services.

To disable monitoring of built-in services you need:

  • ActiveGate version 1.245+, Dynatrace version 1.247+

Enable monitoring

To enable monitoring for this service, you need to integrate Dynatrace with Amazon Web Services:

  • Set up Dynatrace SaaS integration
  • Set up Dynatrace Managed integration

Add the service to monitoring

To view service metrics, the service needs to be monitored in your Dynatrace environment.

Built-in services specifics

This is a built-in service. It’s monitored out-of-the-box once a new AWS integration instance is created. For built-in services, all metrics are recommended (changing configuration is not possible).

In case a service was disabled and you want to re-enable it:
  1. In the Dynatrace menu, go to Settings and select Cloud and virtualization > AWS.
  2. On the AWS overview page, select the Edit icon for the AWS instance.
  3. Under Services, select Manage services.
  4. Select Add service, choose the service from the list, and select Add service.
  5. Select Save changes.
Cloud-service monitoring consumption

All cloud services consume Davis data units (DDUs). The amount of DDU consumption per service instance depends on the number of monitored metrics and their dimensions (each metric dimension results in the ingestion of 1 data point; 1 data point consumes 0.001 DDUs).

Monitor resources based on tags

You can choose to monitor resources based on existing AWS tags, as Dynatrace automatically imports them from service instances. Nevertheless, the transition from AWS to Dynatrace tagging isn't supported for all AWS services. Expand the table below to see which cloud services are filtered by tagging.

Tag filtering per service
NameTags monitoring & filtering
AWS Certificate Manager Private Certificate Authorityyes
Amazon MQ-
Amazon API Gatewayyes
AWS App Runneryes
Amazon AppStreamyes
AWS AppSyncyes
Amazon Athenayes
Amazon Aurorayes
Amazon EC2 Auto Scaling-
Amazon EC2 Auto Scaling (built-in)yes
AWS Billing-
Amazon Keyspacesyes
AWS Chatbot-
Amazon CloudFrontyes
AWS CloudHSMyes
Amazon CloudSearch-
AWS CodeBuildyes
Amazon Cognito-
Amazon Connect-
Amazon Elastic Kubernetes Service (EKS)yes
AWS DataSyncyes
Amazon DynamoDB Accelerator (DAX)yes
Amazon Database Migration Serviceyes
Amazon DocumentDByes
AWS Direct Connectyes
Amazon DynamoDB (built-in)yes
Amazon EBS (built-in)yes
Amazon EC2 API-
Amazon EC2 (built-in)yes
Amazon EC2 Spot Fleet-
Amazon Elastic Container Service (ECS)yes
Amazon ECS ContainerInsightsyes
Amazon ElastiCache (EC)yes
AWS Elastic Beanstalkyes
Amazon Elastic File System (EFS)yes
Amazon Elastic Inferenceyes
Amazon Elastic Map Reduce (EMR)yes
Amazon Elasticsearch Service (ES)yes
Amazon Elastic Transcoder-
AWS Elastic Load Balancing (ELB) (built-in)yes
Amazon EventBridgeyes
Amazon FSxyes
Amazon GameLift-
AWS Glueyes
Amazon Inspectoryes
AWS Internet of Things (IoT)-
AWS IoT Analytics-
Amazon Managed Streaming for Kafkayes
Amazon Kinesis Data Analyticsyes
Amazon Kinesis Data Firehoseyes
Amazon Kinesis Data Streamsyes
Amazon Kinesis Video Streamsyes
AWS Lambda (built-in)yes
Amazon Lexyes
AWS Application and Network Load Balancer (built-in)yes
Amazon CloudWatch Logsyes
AWS Elemental MediaConnect-
Amazon MediaConvertyes
Amazon MediaPackage Liveyes
Amazon MediaPackage Video on Demandyes
Amazon MediaTailoryes
Amazon VPC NAT Gatewaysyes
Amazon Neptuneyes
AWS OpsWorksyes
Amazon Polly-
Amazon QLDByes
Amazon RDS (built-in)yes
Amazon Redshiftyes
Amazon Rekognition-
AWS RoboMakeryes
Amazon Route 53-
Amazon Route 53 Resolveryes
Amazon S3yes
Amazon S3 (built-in)yes
Amazon SageMaker Batch Transform Jobs-
Amazon SageMaker Endpoint Instancesyes
Amazon SageMaker Endpointsyes
Amazon SageMaker Ground Truth-
Amazon SageMaker Processing Jobs-
Amazon SageMaker Training Jobs-
AWS Service Catalog-
Amazon Simple Email Service (SES)-
Amazon Simple Notification Service (SNS)yes
Amazon Simple Queue Service (SQS)yes
AWS Systems Manager - Run Command-
AWS Step Functions-
AWS Storage Gatewayyes
Amazon SWF-
Amazon Textract-
AWS IoT Things Graph-
Amazon Transfer Familyyes
AWS Transit Gatewayyes
Amazon Translate-
AWS Trusted Advisor-
AWS API Usage-
AWS Site-to-Site VPNyes
Amazon WAF Classic-
Amazon WAF-
Amazon WorkMailyes
Amazon WorkSpacesyes

To monitor resources based on tags

  1. In the Dynatrace menu, go to Settings and select Cloud and virtualization > AWS.
  2. Select the Edit icon for the AWS instance.
  3. Set Resources to be monitored to Monitor resources selected by tags.
  4. Enter key/value pairs to identify resources to exclude from monitoring or include in monitoring.
    You can enter multiple key/value pairs: each time you enter a pair, another empty row is displayed for you to edit as needed.
  5. Select Save to save your configuration.

View service metrics

You can view the service metrics in your Dynatrace environment either on the AWS account page or on your Dashboards page.

View metrics on the AWS account page

To view metrics on the AWS account page

  1. In the Dynatrace menu, go to Infrastructure > AWS
  2. Choose AWS account you want to check metrics for.
  3. Select Service box. Metrics for the selected service are visible under the infographic in the service section.

View metrics on the Dashboard

You can also create your own dashboard. For more information on how to create dashboards, go to Create and edit Dynatrace dashboards

Example of AWS built-in monitoring service

example of AWS builtin monitoring service

Available metrics

Application Load Balancer metrics

Metric keyNameUnitAggregationsMonitoring consumption
builtin:cloud.aws.alb.connections.active

ALB number of active connections

CountautoavgmaxminDDUs
builtin:cloud.aws.alb.connections.new

ALB number of new connections

CountautovalueDDUs
builtin:cloud.aws.alb.errors.alb.http4xx

ALB number of 4XX errors

CountautovalueDDUs
builtin:cloud.aws.alb.errors.alb.http5xx

ALB number of 5XX errors

CountautovalueDDUs
builtin:cloud.aws.alb.errors.target.http4xx

ALB number of 4XX target errors

CountautovalueDDUs
builtin:cloud.aws.alb.errors.target.http5xx

ALB number of 5XX target errors

CountautovalueDDUs
builtin:cloud.aws.alb.errors.rejCon

ALB number of rejected connections

CountautovalueDDUs
builtin:cloud.aws.alb.errors.targConn

ALB number of target connection errors

CountautovalueDDUs
builtin:cloud.aws.alb.errors.tlsNeg

ALB number of client TLS negotiation errors

CountautovalueDDUs
builtin:cloud.aws.alb.bytes

ALB number of processed bytes

CountautovalueDDUs
builtin:cloud.aws.alb.lcus

ALB number of consumed LCUs

CountautovalueDDUs
builtin:cloud.aws.alb.requests

ALB number of requests

CountautovalueDDUs
builtin:cloud.aws.alb.respTime

ALB target response time

SecondautoavgmaxminDDUs

Network Load Balancer metrics

Metric keyNameUnitAggregationsMonitoring consumption
builtin:cloud.aws.nlb.flow.active

NLB number of active flows

CountautoavgmaxminDDUs
builtin:cloud.aws.nlb.flow.new

NLB number of new flows

CountautovalueDDUs
builtin:cloud.aws.nlb.tcp.reset.client

NLB number of client resets

CountautovalueDDUs
builtin:cloud.aws.nlb.tcp.reset.elb

NLB number of resets

CountautovalueDDUs
builtin:cloud.aws.nlb.tcp.reset.target

NLB number of target resets

CountautovalueDDUs
builtin:cloud.aws.nlb.bytes

NLB number of processed bytes

CountautovalueDDUs
builtin:cloud.aws.nlb.lcus

NLB number of consumed LCUs

CountautovalueDDUs