Amazon Application and Network Load Balancer

Dynatrace ingests metrics for multiple preselected namespaces, including Amazon Application and Network Load Balancer. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.

Prerequisites

To enable monitoring for this service, you need:

Any version of ActiveGate in both Dynatrace SaaS and Managed deployments.
Note: For role-based access (whether in a SaaS or Managed deployment), you need an ActiveGate installed on an Amazon EC2 host.
An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all cloud services.

JSON predefined policy for all cloud services

json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "acm-pca:ListCertificateAuthorities",
        "apigateway:GET",
        "apprunner:ListServices",
        "appstream:DescribeFleets",
        "appsync:ListGraphqlApis",
        "athena:ListWorkGroups",
        "autoscaling:DescribeAutoScalingGroups",
        "cloudformation:ListStackResources",
        "cloudfront:ListDistributions",
        "cloudhsm:DescribeClusters",
        "cloudsearch:DescribeDomains",
        "cloudwatch:GetMetricData",
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:ListMetrics",
        "codebuild:ListProjects",
        "datasync:ListTasks",
        "dax:DescribeClusters",
        "directconnect:DescribeConnections",
        "dms:DescribeReplicationInstances",
        "dynamodb:ListTables",
        "dynamodb:ListTagsOfResource",
        "ec2:DescribeAvailabilityZones",
        "ec2:DescribeInstances",
        "ec2:DescribeNatGateways",
        "ec2:DescribeSpotFleetRequests",
        "ec2:DescribeTransitGateways",
        "ec2:DescribeVolumes",
        "ec2:DescribeVpnConnections",
        "ecs:ListClusters",
        "eks:ListClusters",
        "elasticache:DescribeCacheClusters",
        "elasticbeanstalk:DescribeEnvironmentResources",
        "elasticbeanstalk:DescribeEnvironments",
        "elasticfilesystem:DescribeFileSystems",
        "elasticloadbalancing:DescribeInstanceHealth",
        "elasticloadbalancing:DescribeListeners",
        "elasticloadbalancing:DescribeLoadBalancers",
        "elasticloadbalancing:DescribeRules",
        "elasticloadbalancing:DescribeTags",
        "elasticloadbalancing:DescribeTargetHealth",
        "elasticmapreduce:ListClusters",
        "elastictranscoder:ListPipelines",
        "es:ListDomainNames",
        "events:ListEventBuses",
        "firehose:ListDeliveryStreams",
        "fsx:DescribeFileSystems",
        "gamelift:ListFleets",
        "glue:GetJobs",
        "inspector:ListAssessmentTemplates",
        "kafka:ListClusters",
        "kinesis:ListStreams",
        "kinesisanalytics:ListApplications",
        "kinesisvideo:ListStreams",
        "lambda:ListFunctions",
        "lambda:ListTags",
        "lex:GetBots",
        "logs:DescribeLogGroups",
        "mediaconnect:ListFlows",
        "mediaconvert:DescribeEndpoints",
        "mediapackage-vod:ListPackagingConfigurations",
        "mediapackage:ListChannels",
        "mediatailor:ListPlaybackConfigurations",
        "opsworks:DescribeStacks",
        "qldb:ListLedgers",
        "rds:DescribeDBClusters",
        "rds:DescribeDBInstances",
        "rds:DescribeEvents",
        "rds:ListTagsForResource",
        "redshift:DescribeClusters",
        "robomaker:ListSimulationJobs",
        "route53:ListHostedZones",
        "route53resolver:ListResolverEndpoints",
        "s3:ListAllMyBuckets",
        "sagemaker:ListEndpoints",
        "sns:ListTopics",
        "sqs:ListQueues",
        "storagegateway:ListGateways",
        "sts:GetCallerIdentity",
        "swf:ListDomains",
        "tag:GetResources",
        "tag:GetTagKeys",
        "transfer:ListServers",
        "workmail:ListOrganizations",
        "workspaces:DescribeWorkspaces"
      ],
      "Resource": "*"
    }
  ]
}

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for all services (All monitored Amazon services) and, for each cloud service, a list of optional permissions specific to that service.

Complete list of permissions for cloud services

Name	Additional permissions
AWS Certificate Manager Private Certificate Authority	"acm-pca:ListCertificateAuthorities"
All monitored Amazon services	"cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", "ec2:DescribeAvailabilityZones"
Amazon MQ
Amazon API Gateway	"apigateway:GET"
AWS App Runner	"apprunner:ListServices"
Amazon AppStream	"appstream:DescribeFleets"
AWS AppSync	"appsync:ListGraphqlApis"
Amazon Athena	"athena:ListWorkGroups"
Amazon Aurora	"rds:DescribeDBClusters"
Amazon EC2 Auto Scaling	"autoscaling:DescribeAutoScalingGroups"
Amazon EC2 Auto Scaling (built-in)	"autoscaling:DescribeAutoScalingGroups"
AWS Billing
Amazon Keyspaces
AWS Chatbot
Amazon CloudFront	"cloudfront:ListDistributions"
AWS CloudHSM	"cloudhsm:DescribeClusters"
Amazon CloudSearch	"cloudsearch:DescribeDomains"
AWS CodeBuild	"codebuild:ListProjects"
Amazon Cognito
Amazon Connect
Amazon Elastic Kubernetes Service (EKS)	"eks:ListClusters"
AWS DataSync	"datasync:ListTasks"
Amazon DynamoDB Accelerator (DAX)	"dax:DescribeClusters"
Amazon Database Migration Service	"dms:DescribeReplicationInstances"
Amazon DocumentDB	"rds:DescribeDBClusters"
AWS Direct Connect	"directconnect:DescribeConnections"
Amazon DynamoDB (built-in)	"dynamodb:ListTables", "dynamodb:ListTagsOfResource"
Amazon EBS (built-in)	"ec2:DescribeVolumes"
Amazon EC2 API
Amazon EC2 (built-in)	"ec2:DescribeInstances"
Amazon EC2 Spot Fleet	"ec2:DescribeSpotFleetRequests"
Amazon Elastic Container Service (ECS)	"ecs:ListClusters"
Amazon ECS ContainerInsights	"ecs:ListClusters"
Amazon ElastiCache (EC)	"elasticache:DescribeCacheClusters"
AWS Elastic Beanstalk	"elasticbeanstalk:DescribeEnvironments"
Amazon Elastic File System (EFS)	"elasticfilesystem:DescribeFileSystems"
Amazon Elastic Inference
Amazon Elastic Map Reduce (EMR)	"elasticmapreduce:ListClusters"
Amazon Elasticsearch Service (ES)	"es:ListDomainNames"
Amazon Elastic Transcoder	"elastictranscoder:ListPipelines"
AWS Elastic Load Balancing (ELB) (built-in)	"elasticloadbalancing:DescribeInstanceHealth", "elasticloadbalancing:DescribeListeners", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeRules", "elasticloadbalancing:DescribeTags", "elasticloadbalancing:DescribeTargetHealth"
Amazon EventBridge	"events:ListEventBuses"
Amazon FSx	"fsx:DescribeFileSystems"
Amazon GameLift	"gamelift:ListFleets"
AWS Glue	"glue:GetJobs"
Amazon Inspector	"inspector:ListAssessmentTemplates"
AWS Internet of Things (IoT)
AWS IoT Analytics
Amazon Managed Streaming for Kafka	"kafka:ListClusters"
Amazon Kinesis Data Analytics	"kinesisanalytics:ListApplications"
Amazon Kinesis Data Firehose	"firehose:ListDeliveryStreams"
Amazon Kinesis Data Streams	"kinesis:ListStreams"
Amazon Kinesis Video Streams	"kinesisvideo:ListStreams"
AWS Lambda (built-in)	"lambda:ListFunctions", "lambda:ListTags"
Amazon Lex	"lex:GetBots"
AWS Application and Network Load Balancer (built-in)	"elasticloadbalancing:DescribeInstanceHealth", "elasticloadbalancing:DescribeListeners", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeRules", "elasticloadbalancing:DescribeTags", "elasticloadbalancing:DescribeTargetHealth"
Amazon CloudWatch Logs	"logs:DescribeLogGroups"
AWS Elemental MediaConnect	"mediaconnect:ListFlows"
Amazon MediaConvert	"mediaconvert:DescribeEndpoints"
Amazon MediaPackage Live	"mediapackage:ListChannels"
Amazon MediaPackage Video on Demand	"mediapackage-vod:ListPackagingConfigurations"
Amazon MediaTailor	"mediatailor:ListPlaybackConfigurations"
Amazon VPC NAT Gateways	"ec2:DescribeNatGateways"
Amazon Neptune	"rds:DescribeDBClusters"
AWS OpsWorks	"opsworks:DescribeStacks"
Amazon Polly
Amazon QLDB	"qldb:ListLedgers"
Amazon RDS (built-in)	"rds:DescribeDBInstances", "rds:DescribeEvents", "rds:ListTagsForResource"
Amazon Redshift	"redshift:DescribeClusters"
Amazon Rekognition
AWS RoboMaker	"robomaker:ListSimulationJobs"
Amazon Route 53	"route53:ListHostedZones"
Amazon Route 53 Resolver	"route53resolver:ListResolverEndpoints"
Amazon S3	"s3:ListAllMyBuckets"
Amazon S3 (built-in)	"s3:ListAllMyBuckets"
Amazon SageMaker Batch Transform Jobs
Amazon SageMaker Endpoint Instances	"sagemaker:ListEndpoints"
Amazon SageMaker Endpoints	"sagemaker:ListEndpoints"
Amazon SageMaker Ground Truth
Amazon SageMaker Processing Jobs
Amazon SageMaker Training Jobs
AWS Service Catalog
Amazon Simple Email Service (SES)
Amazon Simple Notification Service (SNS)	"sns:ListTopics"
Amazon Simple Queue Service (SQS)	"sqs:ListQueues"
AWS Systems Manager - Run Command
AWS Step Functions
AWS Storage Gateway	"storagegateway:ListGateways"
Amazon SWF	"swf:ListDomains"
Amazon Textract
AWS IoT Things Graph
Amazon Transfer Family	"transfer:ListServers"
AWS Transit Gateway	"ec2:DescribeTransitGateways"
Amazon Translate
AWS Trusted Advisor
AWS API Usage
AWS Site-to-Site VPN	"ec2:DescribeVpnConnections"
Amazon WAF Classic
Amazon WAF
Amazon WorkMail	"workmail:ListOrganizations"
Amazon WorkSpaces	"workspaces:DescribeWorkspaces"

Example of JSON policy for one single service.

JSON policy for Amazon API Gateway

json
{
  "Version": "2012-10-17",
  "Statement": [
          {
                  "Sid": "VisualEditor0",
                  "Effect": "Allow",
                  "Action": [
                          "apigateway:GET",
                          "cloudwatch:GetMetricData",
                          "cloudwatch:GetMetricStatistics",
                          "cloudwatch:ListMetrics",
                          "sts:GetCallerIdentity",
                          "tag:GetResources",
                          "tag:GetTagKeys",
                          "ec2:DescribeAvailabilityZones"
                  ],
                  "Resource": "*"
          }
      ]
}

In this example, from the complete list of permissions you need to select

"apigateway:GET" for Amazon API Gateway
"cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All monitored Amazon services.

To disable monitoring of built-in services you need:

ActiveGate version 1.245+, Dynatrace version 1.247+

Enable monitoring

To enable monitoring for this service, you need to integrate Dynatrace with Amazon Web Services:

Add the service to monitoring

To view service metrics, the service needs to be monitored in your Dynatrace environment.

Built-in services specifics

This is a built-in service. It’s monitored out-of-the-box once a new AWS integration instance is created. For built-in services, all metrics are recommended (changing configuration is not possible).

In case a service was disabled and you want to re-enable it:

In the Dynatrace menu, go to Settings and select Cloud and virtualization > AWS.
On the AWS overview page, select the Edit icon for the AWS instance.
Under Services, select Manage services.
Select Add service, choose the service from the list, and select Add service.
Select Save changes.

Cloud-service monitoring consumption

All cloud services consume Davis data units (DDUs). The amount of DDU consumption per service instance depends on the number of monitored metrics and their dimensions (each metric dimension results in the ingestion of 1 data point; 1 data point consumes 0.001 DDUs).

Monitor resources based on tags

You can choose to monitor resources based on existing AWS tags, as Dynatrace automatically imports them from service instances. Nevertheless, the transition from AWS to Dynatrace tagging isn't supported for all AWS services. Expand the table below to see which cloud services are filtered by tagging.

Tag filtering per service

Name	Tags monitoring & filtering
AWS Certificate Manager Private Certificate Authority	yes
Amazon MQ	-
Amazon API Gateway	yes
AWS App Runner	yes
Amazon AppStream	yes
AWS AppSync	yes
Amazon Athena	yes
Amazon Aurora	yes
Amazon EC2 Auto Scaling	-
Amazon EC2 Auto Scaling (built-in)	yes
AWS Billing	-
Amazon Keyspaces	yes
AWS Chatbot	-
Amazon CloudFront	yes
AWS CloudHSM	yes
Amazon CloudSearch	-
AWS CodeBuild	yes
Amazon Cognito	-
Amazon Connect	-
Amazon Elastic Kubernetes Service (EKS)	yes
AWS DataSync	yes
Amazon DynamoDB Accelerator (DAX)	yes
Amazon Database Migration Service	yes
Amazon DocumentDB	yes
AWS Direct Connect	yes
Amazon DynamoDB (built-in)	yes
Amazon EBS (built-in)	yes
Amazon EC2 API	-
Amazon EC2 (built-in)	yes
Amazon EC2 Spot Fleet	-
Amazon Elastic Container Service (ECS)	yes
Amazon ECS ContainerInsights	yes
Amazon ElastiCache (EC)	yes
AWS Elastic Beanstalk	yes
Amazon Elastic File System (EFS)	yes
Amazon Elastic Inference	yes
Amazon Elastic Map Reduce (EMR)	yes
Amazon Elasticsearch Service (ES)	yes
Amazon Elastic Transcoder	-
AWS Elastic Load Balancing (ELB) (built-in)	yes
Amazon EventBridge	yes
Amazon FSx	yes
Amazon GameLift	-
AWS Glue	yes
Amazon Inspector	yes
AWS Internet of Things (IoT)	-
AWS IoT Analytics	-
Amazon Managed Streaming for Kafka	yes
Amazon Kinesis Data Analytics	yes
Amazon Kinesis Data Firehose	yes
Amazon Kinesis Data Streams	yes
Amazon Kinesis Video Streams	yes
AWS Lambda (built-in)	yes
Amazon Lex	yes
AWS Application and Network Load Balancer (built-in)	yes
Amazon CloudWatch Logs	yes
AWS Elemental MediaConnect	-
Amazon MediaConvert	yes
Amazon MediaPackage Live	yes
Amazon MediaPackage Video on Demand	yes
Amazon MediaTailor	yes
Amazon VPC NAT Gateways	yes
Amazon Neptune	yes
AWS OpsWorks	yes
Amazon Polly	-
Amazon QLDB	yes
Amazon RDS (built-in)	yes
Amazon Redshift	yes
Amazon Rekognition	-
AWS RoboMaker	yes
Amazon Route 53	-
Amazon Route 53 Resolver	yes
Amazon S3	yes
Amazon S3 (built-in)	yes
Amazon SageMaker Batch Transform Jobs	-
Amazon SageMaker Endpoint Instances	yes
Amazon SageMaker Endpoints	yes
Amazon SageMaker Ground Truth	-
Amazon SageMaker Processing Jobs	-
Amazon SageMaker Training Jobs	-
AWS Service Catalog	-
Amazon Simple Email Service (SES)	-
Amazon Simple Notification Service (SNS)	yes
Amazon Simple Queue Service (SQS)	yes
AWS Systems Manager - Run Command	-
AWS Step Functions	-
AWS Storage Gateway	yes
Amazon SWF	-
Amazon Textract	-
AWS IoT Things Graph	-
Amazon Transfer Family	yes
AWS Transit Gateway	yes
Amazon Translate	-
AWS Trusted Advisor	-
AWS API Usage	-
AWS Site-to-Site VPN	yes
Amazon WAF Classic	-
Amazon WAF	-
Amazon WorkMail	yes
Amazon WorkSpaces	yes

To monitor resources based on tags

In the Dynatrace menu, go to Settings and select Cloud and virtualization > AWS.
Select the Edit icon for the AWS instance.
Set Resources to be monitored to Monitor resources selected by tags.
Enter key/value pairs to identify resources to exclude from monitoring or include in monitoring.
You can enter multiple key/value pairs: each time you enter a pair, another empty row is displayed for you to edit as needed.
Select Save to save your configuration.

View service metrics

You can view the service metrics in your Dynatrace environment either on the AWS account page or on your Dashboards page.

View metrics on the AWS account page

To view metrics on the AWS account page

In the Dynatrace menu, go to Infrastructure > AWS
Choose AWS account you want to check metrics for.
Select Service box. Metrics for the selected service are visible under the infographic in the service section.

View metrics on the Dashboard

You can also create your own dashboard. For more information on how to create dashboards, go to Create and edit Dynatrace dashboards

Example of AWS built-in monitoring service

Available metrics

Application Load Balancer metrics

Metric key	Name	Unit	Aggregations	Monitoring consumption
builtin:cloud.aws.alb.connections.active	ALB number of active connections	Count	autoavgmaxmin	DDUs
builtin:cloud.aws.alb.connections.new	ALB number of new connections	Count	autovalue	DDUs
builtin:cloud.aws.alb.errors.alb.http4xx	ALB number of 4XX errors	Count	autovalue	DDUs
builtin:cloud.aws.alb.errors.alb.http5xx	ALB number of 5XX errors	Count	autovalue	DDUs
builtin:cloud.aws.alb.errors.target.http4xx	ALB number of 4XX target errors	Count	autovalue	DDUs
builtin:cloud.aws.alb.errors.target.http5xx	ALB number of 5XX target errors	Count	autovalue	DDUs
builtin:cloud.aws.alb.errors.rejCon	ALB number of rejected connections	Count	autovalue	DDUs
builtin:cloud.aws.alb.errors.targConn	ALB number of target connection errors	Count	autovalue	DDUs
builtin:cloud.aws.alb.errors.tlsNeg	ALB number of client TLS negotiation errors	Count	autovalue	DDUs
builtin:cloud.aws.alb.bytes	ALB number of processed bytes	Count	autovalue	DDUs
builtin:cloud.aws.alb.lcus	ALB number of consumed LCUs	Count	autovalue	DDUs
builtin:cloud.aws.alb.requests	ALB number of requests	Count	autovalue	DDUs
builtin:cloud.aws.alb.respTime	ALB target response time	Second	autoavgmaxmin	DDUs

Network Load Balancer metrics

Metric key	Name	Unit	Aggregations	Monitoring consumption
builtin:cloud.aws.nlb.flow.active	NLB number of active flows	Count	autoavgmaxmin	DDUs
builtin:cloud.aws.nlb.flow.new	NLB number of new flows	Count	autovalue	DDUs
builtin:cloud.aws.nlb.tcp.reset.client	NLB number of client resets	Count	autovalue	DDUs
builtin:cloud.aws.nlb.tcp.reset.elb	NLB number of resets	Count	autovalue	DDUs
builtin:cloud.aws.nlb.tcp.reset.target	NLB number of target resets	Count	autovalue	DDUs
builtin:cloud.aws.nlb.bytes	NLB number of processed bytes	Count	autovalue	DDUs
builtin:cloud.aws.nlb.lcus	NLB number of consumed LCUs	Count	autovalue	DDUs