• Home
  • Deploy
  • Set up Dynatrace on cloud platforms
  • Amazon Web Services
  • Integrations
  • Monitor Amazon Web Services with Amazon CloudWatch metrics
  • Troubleshoot AWS monitoring setup

Troubleshoot AWS monitoring setup

Read below how you can troubleshoot issues regarding your Dynatrace deployment for AWS monitoring.

The `custom.properties` file on my Environment ActiveGate doesn't have the `[aws_monitoring]` property listed in Documentation.

Make sure that you have the latest version of Environment ActiveGate. Earlier versions (ActiveGate version 1.159 and earlier) contained a property with a different name. Set that property instead:

ActiveGate versions 1.159 and earlier

plaintext
[collector]
AWSAgentEnabled = true
I don't know how to connect through proxy.

See Set up proxy authentication for ActiveGate.

I want to configure a proxy for an ActiveGate deployed on an EC2 instance, with an attached IAM role.

If you configure a proxy for an ActiveGate deployed on an EC2 instance, with an attached IAM role, you must ensure that you exempt the address used to access the instance metadata. The address to exempt is the IP address of the instance metadata service, 169.254.169.254. This address is always the same and does not depend on the instance.
In the appropriate section your ActiveGate communication settings, specify proxy-non-proxy-hosts = 169.254.169.254.
For example:

plaintext
[http.client]
proxy-non-proxy-hosts = 169.254.169.254
I have more than one ActiveGate.

You have two options:

  • Option 1.
    Confirm that all ActiveGates that have AWS monitoring enabled can connect to AWS.
    In case of role-based setup: Ensure that all ActiveGates that have AWS monitoring enabled have the ActiveGate role attached.

  • Option 2.
    Choose one ActiveGate you want to monitor your AWS account with. Any ActiveGate type will work as long as it can connect to AWS. On that ActiveGate edit the custom.properties file and set the following property to true:

ActiveGate version 1.159 and earlier

plaintext
[collector]
AWSAgentEnabled = true

ActiveGate version 1.161 or later

plaintext
[aws_monitoring]
aws_monitoring_enabled = true

On all the other ActiveGates, set the property to false.

My ActiveGate is behind a firewall.

Add *.amazonaws.com to your firewall's list of allowed domains.

I create and attach the role for ActiveGate, but it doesn't assume the monitoring role

An error might occur when attaching a role to an EC2 instance. In such cases, you can use curl to retrieve the instance metadata to verify if the role is listed there. Use the following command:

shell
curl http://169.254.169.254/latest/meta-data/iam/info

If the attached role is still not listed in the instance metadata, it often helps to reattach it.

For more information, see Instance Metadata and User Data.

Role-based monitoring is not getting data from non-default AWS regions

To monitor non-default AWS regions—Middle East (Bahrain), Africa (Cape Town), Asia Pacific (Hong Kong), Europe (Milan)—using role-based credentials, you need to modify the IAM STS settings in the AWS IAM console.

  1. In the AWS IAM console, go to Account settings.
  2. In Security Token Service (STS), select Edit to change Region compatibility of session tokens for Global endpoint to Valid in all AWS Regions.
  3. Select Save changes.
Related topics
  • Set up Dynatrace on Amazon Web Services

    Set up and configure monitoring for Amazon Web Services.

  • Dynatrace OneAgent

    Understand the important concepts related to OneAgent and find out how to install and operate OneAgent on different platforms.

  • Limit API calls to AWS using tags

    Add and configure AWS tags to limit AWS resources.