• Home
  • Setup and configuration
  • Set up Dynatrace on cloud platforms
  • Amazon Web Services
  • Set up Dynatrace SaaS for AWS monitoring

Set up Dynatrace SaaS for AWS monitoring

You can integrate Dynatrace with Amazon Web Services (AWS) for intelligent monitoring of services running in the Amazon Cloud. AWS integration helps you stay on top of the dynamics of your data center in the cloud.

Important

Dynatrace can be deployed with or without an Environment ActiveGate. Configuring role-based access differs for Dynatrace deployments that use an Environment ActiveGate.

Overview

Follow these basic steps to integrate Dynatrace SaaS with Amazon Web Services (AWS):

  1. Create AWS monitoring policy.

  2. Choose an access method:

    • Key-based access.
    • Role-based access.
      If you choose role-based access, use the appropriate procedure for your deployment scenario:
      • Role-based access for SaaS deployments with Environment ActiveGate.
      • Role-based access for SaaS deployments with NO Environment ActiveGate.

    You must install and configure an Environment ActiveGate if you want to monitor either or both of the following:

    • More than 2,000 AWS resources (AWS service instances)
    • AWS Supporting Services
  3. Select your AWS partition

  4. Define AWS resource tagging

Cloud-service monitoring consumption

As of 2021, all cloud services consume Davis data units (DDUs). The amount of DDU consumption per service instance depends on the number of monitored metrics and their dimensions (each metric dimension results in the ingestion of 1 data point; 1 data point consumes 0.001 DDUs).

AWS costs

Dynatrace makes Amazon API requests every 5 minutes. In addition to CloudWatch API calls, Dynatrace makes API calls to the monitored AWS services in order to learn about their instances, tags, etc. The list of called services and actions is available below in the Create the monitoring policy section. Here's a rough estimate of AWS monitoring costs:

AWS serviceNumber of metricsDaily cost per instance (USD)
Elastic Compute Cloud (EC2)7$0.02016
Elastic Block Store (EBS)10$0.02304
Elastic Load Balancer (ELB)11$0.03168
Relational Database Service (RDS)11$0.03168
DynamoDB15$0.06912
Lambda4$0.01152
Amazon charges

Amazon will charge about $0.01 per 1,000 metrics requested from the CloudWatch API and include the cost in the bill for the AWS account you use with Dynatrace.

AWS monitoring policy

The AWS monitoring policy defines the minimum scope of permissions you need to give to Dynatrace to monitor the services running in your AWS account. Create it once and use anytime when enabling Dynatrace access to your AWS account.

Permission boundaries

AWS IAM permission boundaries may prohibit AWS actions required by Dynatrace. If you use IAM permission boundary on your AWS account, make sure that actions from policy are allowed in all AWS regions within permission boundary.

  1. Go to Identity and Access Management (IAM) in your Amazon Console.

  2. Go to Policies and select Create policy.

  3. Select the JSON tab, and paste the predefined policy from the box below.

    Predefined policy in JSON
    json
    { "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "acm-pca:ListCertificateAuthorities", "apigateway:GET", "apprunner:ListServices", "appstream:DescribeFleets", "appsync:ListGraphqlApis", "athena:ListWorkGroups", "autoscaling:DescribeAutoScalingGroups", "cloudformation:ListStackResources", "cloudfront:ListDistributions", "cloudhsm:DescribeClusters", "cloudsearch:DescribeDomains", "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "codebuild:ListProjects", "datasync:ListTasks", "dax:DescribeClusters", "directconnect:DescribeConnections", "dms:DescribeReplicationInstances", "dynamodb:ListTables", "dynamodb:ListTagsOfResource", "ec2:DescribeAvailabilityZones", "ec2:DescribeInstances", "ec2:DescribeNatGateways", "ec2:DescribeSpotFleetRequests", "ec2:DescribeTransitGateways", "ec2:DescribeVolumes", "ec2:DescribeVpnConnections", "ecs:ListClusters", "eks:ListClusters", "elasticache:DescribeCacheClusters", "elasticbeanstalk:DescribeEnvironmentResources", "elasticbeanstalk:DescribeEnvironments", "elasticfilesystem:DescribeFileSystems", "elasticloadbalancing:DescribeInstanceHealth", "elasticloadbalancing:DescribeListeners", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeRules", "elasticloadbalancing:DescribeTags", "elasticloadbalancing:DescribeTargetHealth", "elasticmapreduce:ListClusters", "elastictranscoder:ListPipelines", "es:ListDomainNames", "events:ListEventBuses", "firehose:ListDeliveryStreams", "fsx:DescribeFileSystems", "gamelift:ListFleets", "glue:GetJobs", "inspector:ListAssessmentTemplates", "kafka:ListClusters", "kinesis:ListStreams", "kinesisanalytics:ListApplications", "kinesisvideo:ListStreams", "lambda:ListFunctions", "lambda:ListTags", "lex:GetBots", "logs:DescribeLogGroups", "mediaconnect:ListFlows", "mediaconvert:DescribeEndpoints", "mediapackage-vod:ListPackagingConfigurations", "mediapackage:ListChannels", "mediatailor:ListPlaybackConfigurations", "opsworks:DescribeStacks", "qldb:ListLedgers", "rds:DescribeDBClusters", "rds:DescribeDBInstances", "rds:DescribeEvents", "rds:ListTagsForResource", "redshift:DescribeClusters", "robomaker:ListSimulationJobs", "route53:ListHostedZones", "route53resolver:ListResolverEndpoints", "s3:ListAllMyBuckets", "sagemaker:ListEndpoints", "sns:ListTopics", "sqs:ListQueues", "storagegateway:ListGateways", "sts:GetCallerIdentity", "swf:ListDomains", "tag:GetResources", "tag:GetTagKeys", "transfer:ListServers", "workmail:ListOrganizations", "workspaces:DescribeWorkspaces" ], "Resource": "*" } ] }
  4. Give the policy a name. For example Dynatrace_monitoring_policy. Type it in the Name field.

  5. Select Create policy.

Access methods

To get the information required for comprehensive AWS cloud-computing monitoring, Dynatrace needs to identify all the virtualized infrastructure components in your AWS environment and collect performance metrics related to those components. We use this information to understand the context of your applications, services, and hosts. For this to happen, you need to authorize Dynatrace to access your Amazon metrics.

You can enable Dynatrace access to your AWS metrics by either using a private access key (key-based access) or defining a special role for Dynatrace (role-based access). In all the cases, make sure that your Environment ActiveGate has a working connection to AWS. Configure your proxy for ActiveGate, or allow access to *.amazonaws.com in your firewall settings.

As a best practice, use temporary security credentials (IAM roles) instead of access keys, and disable any AWS account root user access keys.

Key-based access

If you decide to use the key-based authentication, remember to rotate the keys periodically. Keep in mind that you need to perform this procedure each time you change the key.

Prerequisites for key-based access

  • Rights to create a new AWS user
  • Your AWS account ID
  • Your Amazon Access key ID and Secret access key

Enable access to your Amazon account using key-based access

Dynatrace can use access keys to make secure REST or Query protocol requests to the AWS service API. You'll need to generate an Access key ID and a Secret access key that Dynatrace can use to get metrics from Amazon Web Services.

  1. In your Amazon Console, go to Users and select Add User.

  2. Enter a name for the key you want to create (for example, Dynatrace_monitoring_user). In Select AWS access type, select Programmatic access, and then select Next:Permissions.

  3. Select Attach existing policies directly and choose the monitoring policy you defined (for example, Dynatrace_monitoring_policy), and then select Next: Review.

  4. Review the user details and select Create user.

  5. Store the Access Key ID name (AKID) and Secret access key values.
    You can either download the user credentials or copy the credentials displayed online (select Show).

Connect your Amazon account to Dynatrace using key-based access

Once you've granted AWS access to Dynatrace, it's time to connect Dynatrace to your Amazon AWS account.

  1. In the Dynatrace menu, go to Settings > Cloud and virtualization > AWS and select Connect new instance.

  2. Select Key-based authentication method.

    • Create a name for this connection. This is mandatory. Dynatrace needs this name to identify and display the connection.
    • In the Access key ID field, paste the identifier of the key you created in Amazon for Dynatrace access.
    • In the Secret access key field, paste the value of the key you created in Amazon for Dynatrace access.
    • Select Connect to verify and save the connection.
  3. Once the connection is successfully verified and saved, your AWS account will be listed in the Cloud and virtualization settings page. You should soon begin to see AWS cloud monitoring data.

Role-based access

Dynatrace SaaS deployments might vary. Integrating Dynatrace SaaS with AWS is different when deployment includes an Environment ActiveGate. Select the appropriate set up procedure for your Dynatrace SaaS deployment scenario.

Opt-in AWS Regions

If you configure a role-based integration in an AWS Region that must be manually activated for use with AWS STS, for example Hong Kong, you must change Region compatibility of session tokens for global endpoint to be valid in all AWS Regions. For more information, see Managing AWS STS in an AWS Region in AWS docs.

Role-based access for SaaS deployments with Environment ActiveGate

The instructions below apply whether or not the account hosting your ActiveGate is the same as your monitored account.

In a typical setup, you need to create two CloudFormation stacks using CloudFormation templates:

  • A CloudFormation stack from the account hosting your ActiveGate, containing the following resources:
    • A role for your Environment ActiveGate hosted in your AWS infrastructure, on an AWS EC2 host.
    • Its attached policy, defining the monitored account permissions.
  • A CloudFormation stack from the monitored account, containing the following resources:
    • A dedicated monitoring role for Dynatrace in your AWS account.
    • Its attached policy, defining the Dynatrace authentication permissions to your AWS environment.

Note: To monitor multiple accounts, add all resources to the Resource array in the template in Step 1 and repeat Step 2 to create a stack for each monitored account.

Prerequisites for role-based access, with Environment ActiveGate

  • Environment ActiveGate installed on an AWS EC2 host. It must be able to assume a role within your AWS account that allows it to read the Dynatrace monitoring data.

  • The ID of the AWS account that hosts the ActiveGate (for example, the account that hosts your Dynatrace components, which in this case is the one hosting Environment ActiveGate).

  • The Amazon Web Services monitored account ID (the account you want to monitor).

  • The name of the role with which your Environment ActiveGate was started.

  • The External ID.

    How to get the External ID
    1. In the Dynatrace menu, go to Settings.
    2. Go to Cloud and virtualization > AWS and select Connect new instance.
    3. Under Authentication method, select Role-based authentication.
    4. Under Your Amazon account ID, select Copy to copy the token (the External ID).

To enable access to your Amazon account using role-based access, follow the steps below.

Step 1. Create a role for ActiveGate on the account that hosts ActiveGate

  1. Create a YAML file and paste the content from github role_based_access_AG_account_template.yml.
For multiple monitored accounts

For each account you want to monitor, add a new item to the !Sub array in the Resource section of the template above, in the following format: 'arn:aws:iam::<new_monitored_account_id>:role/<new_monitoring_role_name>'.

Note: Be sure to replace the placeholders (<new_monitored_account_id>, <new_monitoring_role_name>) with your own values.

  1. Create the stack in your Amazon Console or using the CLI.
In the Amazon Console
  1. In your Amazon Console, go to CloudFormation.
  2. Go to Stacks and create a new stack with new resources.
  3. Select Template is ready, upload the template you created above, and select Next.
  4. In Parameters, for MonitoredAccountID, enter the ID of the account Dynatrace will monitor. Optionally, adapt other parameters as needed.
  5. Enter a name for your stack, and then select Next twice.
  6. Review your configuration, select I acknowledge that AWS CloudFormation might create IAM resources with custom names, and select Create stack.
Using the CLI

Run the command below, making sure to replace the parameter values with your actual values.

Note: You need to remove the angle brackets (< and >).

shell
aws cloudformation create-stack \ --capabilities CAPABILITY_NAMED_IAM \ --stack-name <stack_name> \ --template-body <file:///home/user/template_file.yaml> \ --parameters ParameterKey=ActiveGateRoleName,ParameterValue=<role_name> ParameterKey=AssumePolicyName,ParameterValue=<policy_name> ParameterKey=MonitoringRoleName,ParameterValue=<monitoring_role_name> ParameterKey=MonitoredAccountID,ParameterValue=<monitored_account_id>
  1. Go to the Amazon EC2 console, right-click an instance hosting your Environment ActiveGate, and select Security > Modify IAM role.
  2. Select the role you created at step 1 (for example, Dynatrace_ActiveGate_role), and select Apply.

Step 2. Create a monitoring role for Dynatrace on your monitored account

After the Dynatrace_ActiveGate_role is created on the account hosting the ActiveGate, create a role for the account to be monitored.

  1. Create a YAML file and paste the content from the github role_based_access_monitored_account_template.yml.

  2. Create the stack in your Amazon Console or using the CLI.

In the Amazon Console
  1. In your Amazon Console, go to CloudFormation.
  2. Go to Stacks and create a new stack with new resources.
  3. Select Template is ready, upload the template you created above, and select Next.
  4. In Parameters, enter:
  • The External ID. For details, see Prerequisites
  • The ActiveGateRoleName and the ActiveGateAccountID from the stack created in Step 1.

Optionally, adapt other parameters as needed.

  1. Enter a name for your stack, and then select Next twice.
  2. Review your configuration, enable I acknowledge that AWS CloudFormation might create IAM resources with custom names, and select Create stack.
Using the CLI

Run the command below, making sure to replace the parameter values with your actual values.

Note: You need to remove the angle brackets (< and >).

shell
aws cloudformation create-stack \ --capabilities CAPABILITY_NAMED_IAM \ --stack-name <stack_name> \ --template-body <file:///home/user/template_file.yaml> \ --parameters ParameterKey=ExternalID,ParameterValue=<external_id> ParameterKey=ActiveGateRoleName,ParameterValue=<activegate_role_name> ParameterKey=ActiveGateAccountID,ParameterValue=<activegate_account_id> ParameterKey=RoleName,ParameterValue=<role_name> ParameterKey=PolicyName,ParameterValue=<policy_name>

Step 3. Modify ActiveGate configuration

Starting with ActiveGate version 1.217, AWS monitoring is enabled by default. For configuration details, see Customize ActiveGate properties. The following configuration settings refer to earlier ActiveGate versions.

  1. Edit the custom.properties file of your Environment ActiveGate.

  2. Set the following properties as below:

    plaintext
    [aws_monitoring] use_aws_proxy_role = false aws_monitoring_enabled = true
    ActiveGate version 1.183 or earlier
    plaintext
    [vertical.topology] use_aws_proxy_role = false
    plaintext
    [aws_monitoring] aws_monitoring_enabled = true

    If the ActiveGate is dedicated to AWS monitoring, you must also set the MSGrouter property to false:

    plaintext
    [collector] MSGrouter = false

    Remove aws_proxy_account and aws_proxy_role properties.

  3. Save the file and restart the ActiveGate main service.

Role-based access for SaaS deployments without Environment ActiveGate

To give Dynatrace SaaS role-based monitoring access to your AWS account, you need to create a CloudFormation stack using a CloudFormation template containing the following resources:

  • A dedicated monitoring role for Dynatrace in your AWS account.
  • Its attached policy, defining the Dynatrace authentication permissions to your AWS environment. For multiple accounts, you need to repeat the following steps for every account that you want to monitor.

Note: You won't be able to monitor AWS Supporting Services without an AWS-hosted Environment ActiveGate.

Prerequisites for role-based access, without Environment ActiveGate

  • Your Amazon Web Services account ID

  • Rights to assign role-based access to your AWS account

  • The External ID.

    How to get the External ID
    1. In the Dynatrace menu, go to Settings.
    2. Go to Cloud and virtualization > AWS and select Connect new instance.
    3. Under Authentication method, select Role-based authentication.
    4. Under Your Amazon account ID, select Copy to copy the token (the External ID).

Create a monitoring role for Dynatrace in your AWS account

  1. Create a YAML file and paste the content from the github role_based_access_no_AG_template.yml.

  2. Create the stack in your Amazon Console or using the CLI.

In the Amazon Console
  1. In your Amazon Console, go to CloudFormation.
  2. Go to Stacks and create a new stack with new resources.
  3. Select Template is ready, upload the template you created above, and then select Next.
  4. In Parameters, enter the External ID. For details, see Prerequisites. Optionally, adapt other parameters as needed.
  5. Enter a name for your stack, and then select Next twice.
  6. Review your configuration, enable I acknowledge that AWS CloudFormation might create IAM resources with custom names, and then select Create stack.
Using the CLI

Run the command below, making sure to replace the parameter values with your actual values.

Note: You need to remove the angle brackets (< and >).

shell
aws cloudformation create-stack \ --capabilities CAPABILITY_NAMED_IAM \ --stack-name <stack_name> \ --template-body <file:///home/user/template_file.yaml> \ --parameters ParameterKey=ExternalID,ParameterValue=<external_id> ParameterKey=RoleName,ParameterValue=<role_name> ParameterKey=PolicyName,ParameterValue=<policy_name>

Connect your Amazon account to Dynatrace using role-based access

After you've granted AWS access to Dynatrace, it's time to connect Dynatrace to your Amazon AWS account.

  1. In Dynatrace, go to Settings > Cloud and virtualization > AWS and select Connect new instance.

  2. Enter a name for this connection. If you leave it empty, the name Role will be used on Dynatrace pages to define this connection.

  3. Select Role based authentication and enter configuration details:

    • Enter the name of the role you created in Amazon for Dynatrace (for example, Dynatrace_monitoring_role).
    • Enter your Amazon account ID (the account you want Dynatrace to pull metrics from).
    • Select Connect to verify and save the connection.
  4. After the connection is verified and saved, your AWS account is listed on the Cloud and virtualization settings page. You should soon begin to see AWS cloud monitoring data.

Select your AWS partition

If your AWS account is on a different partition than the default aws partition, you can select it and Dynatrace will connect to it instead.

To change your AWS partition

  1. In the Dynatrace menu, go to Settings and select Cloud and virtualization > AWS.
  2. Find the instance where you want to change the partition and select Edit pen icon to edit the instance.
  3. In the AWS partition list, select your partition.
  4. Select Save.

Define AWS resource tagging

We recommend to limit the scope of your AWS monitoring and reduce the number API calls to Amazon. You can use the tagging to limit the AWS resources that are monitored by Dynatrace. For details, see How do I tag AWS resources?

Set up metric events for alerting

To configure metric events for alerting

  1. In the Dynatrace menu, go to Settings > Cloud and virtualization > AWS.
  2. Under Metric events for alerting, select Manage alerting rules.
  3. On the Metric events for alerting page, you can create, enable/disable, and configure recommended alerting rules.

For an overview of all recommended alerting rules for all supporting services, see the list below.

List of predefined alerting rules per supporting service
NameAlerting rules
Amazon MQAmazon MQ store percent usage (Static threshold: above 95 %),
Amazon MQ temp percent usage (Static threshold: above 95 %),
Amazon MQ memory usage (by topic) (Static threshold: above 95 %),
Amazon MQ memory usage (by queue) (Static threshold: above 95 %),
Amazon MQ CPU utilization (Static threshold: above 95 %),
Amazon MQ heap usage (Static threshold: above 95 %),
Amazon MQ job scheduler store percent usage (Static threshold: above 95 %),
Amazon RabbitMQ CPU utilization (Static threshold: above 95 %)
AWS App RunnerAWS App Runner CPU utilization (by instance/service ID) (Static threshold: above 95 %)
Amazon AppStreamAmazon AppStream capacity utilization (Static threshold: above 95 %)
Amazon AuroraAmazon Aurora CPU utilization (average, by region) (Static threshold: above 95 %),
Amazon Aurora CPU utilization (average, by region/engine) (Static threshold: above 95 %),
Amazon Aurora CPU utilization (average, by region/database class) (Static threshold: above 95 %),
Amazon Aurora CPU utilization (average) (Static threshold: above 95 %),
Amazon Aurora CPU utilization (average, by role) (Static threshold: above 95 %),
Amazon Aurora CPU utilization (maximum, by region) (Static threshold: above 95 %),
Amazon Aurora CPU utilization (maximum, by region/engine) (Static threshold: above 95 %),
Amazon Aurora CPU utilization (maximum, by region/database class) (Static threshold: above 95 %),
Amazon Aurora CPU utilization (maximum) (Static threshold: above 95 %),
Amazon Aurora CPU utilization (maximum, by role) (Static threshold: above 95 %)
Amazon KeyspacesAmazon Keyspaces account provisioned read capacity utilization (by region) (Static threshold: above 95 %),
Amazon Keyspaces account provisioned write capacity utilization (by region) (Static threshold: above 95 %),
Amazon Keyspaces max provisioned table read capacity utilization (by region) (Static threshold: above 95 %),
Amazon Keyspaces max provisioned table write capacity utilization (by region) (Static threshold: above 95 %)
Amazon CloudFrontAmazon CloudFront total error rate (by region) (Static threshold: above 5 %),
Amazon CloudFront 4xx error rate (by region) (Static threshold: above 5 %),
Amazon CloudFront 5xx error rate (by region) (Static threshold: above 5 %)
Amazon CloudSearchAmazon CloudSearch index utilization (Static threshold: above 95 %)
AWS CodeBuildAWS CodeBuild CPU utilized percent (Static threshold: above 95 %),
AWS CodeBuild CPU utilized percent (by build id/build number) (Static threshold: above 95 %),
AWS CodeBuild memory utilized percent (Static threshold: above 95 %),
AWS CodeBuild memory utilized percent (by build id/build number) (Static threshold: above 95 %)
Amazon ConnectAmazon Connect the percentage of the concurrent calls service quota (by metric group) (Static threshold: above 95 %)
Amazon Elastic Kubernetes Service (EKS)Amazon EKS Node CPU utilization (by instance id/node name) (Static threshold: above 95 %),
Amazon EKS Node memory utilization (by instance id/node name) (Static threshold: above 95 %),
Amazon EKS Pod CPU utilization over pod limit (by namespace) (Static threshold: above 95 %),
Amazon EKS Pod CPU utilization over pod limit (by namespace/pod name) (Static threshold: above 95 %),
Amazon EKS Pod CPU utilization over pod limit (Static threshold: above 95 %),
Amazon EKS Node filesystem utilization (by instance id/node name) (Static threshold: above 95 %),
Amazon EKS Pod memory utilization (by namespace) (Static threshold: above 95 %),
Amazon EKS Pod memory utilization (by namespace/pod name) (Static threshold: above 95 %),
Amazon EKS Service Pod memory utilization (Static threshold: above 95 %),
Amazon EKS Pod CPU utilization (by namespace) (Static threshold: above 95 %),
Amazon EKS Pod CPU utilization (by namespace/pod name) (Static threshold: above 95 %),
Amazon EKS Pod CPU utilization (Static threshold: above 95 %),
Amazon EKS Pod CPU reserved capacity (by namespace/pod name) (Static threshold: above 95 %),
Amazon EKS Pod CPU reserved capacity (Static threshold: above 95 %),
Amazon EKS Pod memory utilization over pod limit (by namespace) (Static threshold: above 95 %),
Amazon EKS Pod memory utilization over pod limit (by namespace/pod name) (Static threshold: above 95 %),
Amazon EKS Pod memory utilization over pod limit (Static threshold: above 95 %),
Amazon EKS Pod memory reserved capacity (by namespace/pod name) (Static threshold: above 95 %),
Amazon EKS Pod memory reserved capacity (Static threshold: above 95 %),
Amazon EKS Node CPU reserved capacity (by instance id/node name) (Static threshold: above 95 %),
Amazon EKS Node CPU reserved capacity (Static threshold: above 95 %),
Amazon EKS Node memory reserved capacity (by instance id/node name) (Static threshold: above 95 %),
Amazon EKS Node memory reserved capacity (Static threshold: above 95 %),
Amazon EKS Node CPU utilization (Static threshold: above 95 %),
Amazon EKS Node memory utilization (Static threshold: above 95 %),
Amazon EKS Node filesystem utilization (Static threshold: above 95 %)
Amazon DynamoDB Accelerator (DAX)Amazon DynamoDB Accelerator CPU utilization (Static threshold: above 95 %),
Amazon DynamoDB Accelerator CPU utilization (by node id) (Static threshold: above 95 %),
Amazon DynamoDB Accelerator CPU utilization (by region) (Static threshold: above 95 %)
Amazon Database Migration ServiceAmazon Database Migration Service CPU utilization (by replication task identifier) (Static threshold: above 95 %),
Amazon Database Migration Service CPU utilization (Static threshold: above 95 %),
Amazon Database Migration Service CPU utilization (by replication instance/external resource id) (Static threshold: above 95 %),
Amazon Database Migration Service CPU utilization (by region) (Static threshold: above 95 %),
Amazon Database Migration Service CPU utilization (by region/instance class) (Static threshold: above 95 %)
Amazon DocumentDBAmazon DocumentDB CPU utilization (by region/DB instance identifier) (Static threshold: above 95 %),
Amazon DocumentDB CPU utilization (by role) (Static threshold: above 95 %),
Amazon DocumentDB CPU utilization (Static threshold: above 95 %)
Amazon Elastic Container Service (ECS)Amazon ECS CPU reservation (Static threshold: above 95 %),
Amazon ECS CPU utilization (Static threshold: above 95 %),
Amazon ECS CPU utilization (by service name) (Static threshold: above 95 %),
Amazon ECS Memory reservation (Static threshold: above 95 %),
Amazon ECS Memory utilization (Static threshold: above 95 %),
Amazon ECS Memory utilization (by service name) (Static threshold: above 95 %)
Amazon ECS ContainerInsightsAmazon ECS ContainerInsights instance memory utilization (by container instance id/instance id) (Static threshold: above 95 %),
Amazon ECS ContainerInsights instance memory utilization (Static threshold: above 95 %),
Amazon ECS ContainerInsights instance memory reserved capacity (by container instance id/instance id) (Static threshold: above 95 %),
Amazon ECS ContainerInsights instance memory reserved capacity (Static threshold: above 95 %),
Amazon ECS ContainerInsights instance CPU utilization (by container instance id/instance id) (Static threshold: above 95 %),
Amazon ECS ContainerInsights instance CPU utilization (Static threshold: above 95 %),
Amazon ECS ContainerInsights instance filesystem utilization (by container instance id/instance id) (Static threshold: above 95 %),
Amazon ECS ContainerInsights instance filesystem utilization (Static threshold: above 95 %),
Amazon ECS ContainerInsights instance CPU reserved capacity (by container instance id/instance id) (Static threshold: above 95 %),
Amazon ECS ContainerInsights instance CPU reserved capacity (Static threshold: above 95 %)
Amazon ElastiCache (EC)Amazon ElastiCache CPU utilization (Static threshold: above 95 %),
Amazon ElastiCache CPU utilization (by cache/node id) (Static threshold: above 95 %),
Amazon ElastiCache engine CPU utilization (Static threshold: above 95 %),
Amazon ElastiCache engine CPU utilization (by cache/node id) (Static threshold: above 95 %)
AWS Elastic BeanstalkAWS Elastic Beanstalk root filesystem util (by instance id) (Static threshold: above 95 %),
AWS Elastic Beanstalk root filesystem util (Static threshold: above 95 %),
AWS Elastic Beanstalk load average 1min (by instance id) (Static threshold: above 95 %),
AWS Elastic Beanstalk load average 5min (by instance id) (Static threshold: above 95 %),
AWS Elastic Beanstalk CPU user (by instance id) (Static threshold: above 95 %),
AWS Elastic Beanstalk CPU nice (by instance id) (Static threshold: above 95 %),
AWS Elastic Beanstalk CPU idle (by instance id) (Static threshold: below 5 %),
AWS Elastic Beanstalk CPU IO wait (by instance id) (Static threshold: above 95 %),
AWS Elastic Beanstalk CPU irq (by instance id) (Static threshold: above 95 %),
AWS Elastic Beanstalk CPU softirq (by instance id) (Static threshold: above 95 %),
AWS Elastic Beanstalk CPU system (by instance id) (Static threshold: above 95 %),
AWS Elastic Beanstalk CPU privileged (by instance id) (Static threshold: above 95 %)
Amazon Elastic File System (EFS)Amazon EFS percent IO limit (Static threshold: above 95 %)
Amazon Elastic InferenceAmazon Elastic Inference accelerator utilization (by Elastic Inference accelerator id) (Static threshold: above 95 %)
Amazon Elastic Map Reduce (EMR)Amazon Elastic MapReduce YARN memory available percentage (Static threshold: below 5 %),
Amazon Elastic MapReduce YARN memory available percentage (by job id) (Static threshold: below 5 %),
Amazon Elastic MapReduce HDFS utilization (Static threshold: above 95 %),
Amazon Elastic MapReduce HDFS utilization (by job id) (Static threshold: above 95 %)
Amazon Elasticsearch Service (ES)Amazon Elasticsearch Service CPU utilization (maximum, by client id) (Static threshold: above 95 %),
Amazon Elasticsearch Service CPU utilization (by client id) (Static threshold: above 95 %),
Amazon Elasticsearch Service JVM memory pressure (high, by client id) (Static threshold: above 75 %),
Amazon Elasticsearch Service JVM memory pressure (critical, by client id) (Static threshold: above 90 %),
Amazon Elasticsearch Service master CPU utilization (by client id) (Static threshold: above 95 %),
Amazon Elasticsearch Service master JVM memory pressure (high) (Static threshold: above 75 %),
Amazon Elasticsearch Service master JVM memory pressure (critical) (Static threshold: above 90 %)
Amazon GameLiftAmazon GameLift percent idle instances (Static threshold: below 5 %),
Amazon GameLift percent idle instances (by region/metric groups) (Static threshold: below 5 %),
Amazon GameLift percent healthy server processes (Static threshold: below 95 %),
Amazon GameLift Percent healthy server processes (by region/metric groups) (Static threshold: below 95 %),
Amazon GameLift percent available game sessions (Static threshold: below 5 %),
Amazon GameLift percent available game sessions (by region/metric groups) (Static threshold: below 5 %)
AWS GlueAWS Glue driver JVM heap usage (by job run id/type) (Static threshold: above 95 %),
AWS Glue ALL JVM heap usage (by job run id/type) (Static threshold: above 95 %),
AWS Glue driver CPU system load (by job run id/type) (Static threshold: above 95 %),
AWS Glue ALL CPU system load (by job run id/type) (Static threshold: above 95 %)
Amazon Managed Streaming for KafkaAmazon Managed Streaming for Kafka root disk used (by broker id) (Static threshold: above 95 %),
Amazon Managed Streaming for Kafka network processor avg idle percent (by broker id) (Static threshold: below 5 %),
Amazon Managed Streaming for Kafka request handler avg idle percent (by broker id) (Static threshold: below 5 %),
Amazon Managed Streaming for Kafka app logs disk used (by broker id) (Static threshold: above 95 %),
Amazon Managed Streaming for Kafka data logs disk used (by broker id) (Static threshold: above 95 %),
Amazon Managed Streaming for Kafka the percentage of CPU in user space (by broker id) (Static threshold: above 95 %),
Amazon Managed Streaming for Kafka the percentage of CPU idle time (by broker id) (Static threshold: below 5 %),
Amazon Managed Streaming for Kafka the percentage of CPU in kernel space (by broker id) (Static threshold: above 95 %)
AWS Elemental MediaConnectAWS Elemental MediaConnect source packet loss percent (Static threshold: above 5 %),
AWS Elemental MediaConnect packet loss percent (by region) (Static threshold: above 5 %),
AWS Elemental MediaConnect packet loss percent (by region/availability zone) (Static threshold: above 5 %),
AWS Elemental MediaConnect source packet loss percent (by region) (Static threshold: above 5 %),
AWS Elemental MediaConnect source packet loss percent (by region/availability zone) (Static threshold: above 5 %),
AWS Elemental MediaConnect source packet loss percent (by region/source arn) (Static threshold: above 5 %),
AWS Elemental MediaConnect packet loss percent (Static threshold: above 5 %)
Amazon NeptuneAmazon Neptune CPU utilization (Static threshold: above 95 %),
Amazon Neptune CPU utilization (by role) (Static threshold: above 95 %),
Amazon Neptune CPU utilization (by region) (Static threshold: above 95 %),
Amazon Neptune CPU utilization (by region/DB instance identifier) (Static threshold: above 95 %),
Amazon Neptune CPU utilization (by region/database class) (Static threshold: above 95 %),
Amazon Neptune CPU utilization (by region/engine name) (Static threshold: above 95 %)
AWS OpsWorksAWS OpsWorks CPU system (Static threshold: above 95 %),
AWS OpsWorks CPU user (Static threshold: above 95 %),
AWS OpsWorks CPU nice (Static threshold: above 95 %),
AWS OpsWorks CPU IO wait (Static threshold: above 95 %),
AWS OpsWorks CPU steal (Static threshold: above 95 %),
AWS OpsWorks CPU idle (Static threshold: below 5 %),
AWS OpsWorks CPU system (by region/instance id) (Static threshold: above 95 %),
AWS OpsWorks CPU system (by region/layer id) (Static threshold: above 95 %),
AWS OpsWorks CPU user (by region/instance id) (Static threshold: above 95 %),
AWS OpsWorks CPU user (by region/layer id) (Static threshold: above 95 %),
AWS OpsWorks CPU nice (by region/instance id) (Static threshold: above 95 %),
AWS OpsWorks CPU nice (by region/layer id) (Static threshold: above 95 %),
AWS OpsWorks CPU IO wait (by region/instance id) (Static threshold: above 95 %),
AWS OpsWorks CPU IO wait (by region/layer id) (Static threshold: above 95 %),
AWS OpsWorks CPU steal (by region/instance id) (Static threshold: above 95 %),
AWS OpsWorks CPU steal (by region/layer id) (Static threshold: above 95 %),
AWS OpsWorks CPU idle (by region/instance id) (Static threshold: below 5 %),
AWS OpsWorks CPU idle (by region/layer id) (Static threshold: below 5 %)
Amazon RedshiftAmazon Redshift CPU utilization (Static threshold: above 95 %),
Amazon Redshift CPU utilization (by node id) (Static threshold: above 95 %),
Amazon Redshift percentage disk space used (Static threshold: above 95 %),
Amazon Redshift percentage disk space used (by node id) (Static threshold: above 95 %)
Amazon Route 53Amazon Route 53 percentage healthy (by region/health check id) (Static threshold: below 95 %)
Amazon SageMaker Batch Transform JobsAmazon SageMaker Batch Transform Jobs CPU utilization (by region/host) (Static threshold: above 95 %),
Amazon SageMaker Batch Transform Jobs memory utilization (by region/host) (Static threshold: above 95 %),
Amazon SageMaker Batch Transform Jobs GPU utilization (by region/host) (Static threshold: above 95 %),
Amazon SageMaker Batch Transform Jobs GPU memory utilization (by region/host) (Static threshold: above 95 %)
Amazon SageMaker Endpoint InstancesAmazon SageMaker Endpoint Instances CPU utilization (by variant name) (Static threshold: above 95 %),
Amazon SageMaker Endpoint Instances memory utilization (by variant name) (Static threshold: above 95 %),
Amazon SageMaker Endpoint Instances GPU utilization (by variant name) (Static threshold: above 95 %),
Amazon SageMaker Endpoint Instances GPU memory utilization (by variant name) (Static threshold: above 95 %),
Amazon SageMaker Endpoint Instances disk utilization (by variant name) (Static threshold: above 95 %)
Amazon SageMaker Processing JobsAmazon SageMaker Processing Jobs CPU utilization (by region/host) (Static threshold: above 95 %),
Amazon SageMaker Processing Jobs memory utilization (by region/host) (Static threshold: above 95 %),
Amazon SageMaker Processing Jobs GPU utilization (by region/host) (Static threshold: above 95 %),
Amazon SageMaker Processing Jobs GPU memory utilization (by region/host) (Static threshold: above 95 %),
Amazon SageMaker Processing Jobs disk utilization (by region/host) (Static threshold: above 95 %)
Amazon SageMaker Training JobsAmazon SageMaker Training Jobs CPU utilization (by region/host) (Static threshold: above 95 %),
Amazon SageMaker Training Jobs memory utilization (by region/host) (Static threshold: above 95 %),
Amazon SageMaker Training Jobs GPU utilization (by region/host) (Static threshold: above 95 %),
Amazon SageMaker Training Jobs GPU memory utilization (by region/host) (Static threshold: above 95 %),
Amazon SageMaker Training Jobs disk utilization (by region/host) (Static threshold: above 95 %)
Amazon Simple Email Service (SES)Amazon SES reputation bounce rate (by region) (Static threshold: above 5 %),
Amazon SES reputation complaint rate (by region) (Static threshold: above 0.1 %)
AWS Storage GatewayAWS Storage Gateway cache percent dirty (by region/share id) (Static threshold: above 80 %),
AWS Storage Gateway cache percent dirty (by region/volume id) (Static threshold: above 80 %),
AWS Storage Gateway cache percent dirty (by gateway id) (Static threshold: above 80 %),
AWS Storage Gateway user CPU percent (Static threshold: above 95 %),
AWS Storage Gateway IO wait percent (Static threshold: above 20 %),
AWS Storage Gateway upload buffer percent used (by gateway id) (Static threshold: above 95 %),
AWS Storage Gateway working storage percent used (by gateway id) (Static threshold: above 95 %)
AWS Trusted AdvisorAWS Trusted Advisor service limit usage (by region/service limit/service name) (Static threshold: above 95 %)

The number of recommended alerting rules depends on the number of your monitored supporting services.
To add recommended alerting rules for a new supporting service, you first need to add the new service to monitoring.

How to add a service to monitoring
  1. In the Dynatrace menu, go to Settings > Cloud and virtualization > AWS.
  2. On the AWS overview page, select the edit button (pencil icon) for the AWS instance you want to edit.
  3. Select Manage services and Add service, choose the service name from the list, and select Add service.
  4. Select Save changes.

Add AWS service

Note that not all supporting services have their own predefined alerting rules.

  1. Create and enable alerting rules.

    To enable recommended alerting rules, you first need to create them. You can create alerting rules and automatically enable them, or (if you clear Automatically enable created rules) create them and manually enable them after possible configuration changes.

    Create alerting rules AWS

    For example, you can create and automatically enable a first batch of alerts. When you start monitoring new services, you can create alerts for these new services without automatically enabling them (because you want to configure them first).

  2. Configure alerting rules. How you edit rules depends on whether you chose to automatically enable alerts.

    • If you chose to automatically enable alerts when creating them, go to Adjust recommended alerting rules, expand Enabled recommended alerting rules, and select any rule. This takes you to Edit custom event for alerting, where you can change the configuration rules for that specific service.

      Conf alerts AWS

    • If you didn't choose to automatically enable alerts when creating them, go to Enable recommended alerting rules, expand Disabled recommended alerting rules, and select any of the disabled rules. This takes you to the same Edit custom event for alerting page.

      Enable rules AWS

  3. Disable alerting rules.

  4. You can disable all alerting rules, or disable or delete them selectively.

    Disable rules AWS

    • To disable all alerting rules, go to Adjust recommended alerting rules and select Disable all enabled recommended alerting rules.
    • To disable or delete alerting rules selectively, go to Adjust recommended alerting rules and select Custom events for alerting. On the Custom events for alerting page, you can disable an alert by turning it off in the On/Off column, or you can delete it by selecting x in the Delete column.

    Custom events AWS

    Note: If you disable any or all of the alerting rules, you can always re-enable them.

    Reenable AWS

Related topics
  • Amazon Web Services monitoring

    Set up and configure monitoring for Amazon Web Services.

  • Dynatrace OneAgent

    Understand the important concepts related to OneAgent and find out how to install and operate OneAgent on different platforms.

  • Limit API calls to AWS using tags

    Add and configure AWS tags to limit AWS resources.