AWS CloudHSM (V2)

Dynatrace ingests metrics for multiple preselected namespaces, including AWS CloudHSM (V2). You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.


To enable monitoring for this service, you need

  • An Environment or Cluster ActiveGate version 1.197+
  • Dynatrace version 1.200+
  • An updated AWS monitoring policy to include the additional AWS services.
    To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.

If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for all services (All monitored Amazon services) and, for each supporting service, a list of optional permissions specific to that service.

Example of JSON policy for one single service.

In this example, from the complete list of permissions you need to select

  • "apigateway:GET" for Amazon API Gateway
  • "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "sts:GetCallerIdentity", "tag:GetResources", "tag:GetTagKeys", and "ec2:DescribeAvailabilityZones" for All monitored Amazon services.

Enable monitoring

To enable monitoring for this service, you first need to integrate Dynatrace with Amazon Web Services:

Add the service to monitoring

In order to view the service metrics, you must add the service to monitoring in your Dynatrace environment.

Cloud-service monitoring consumption

Beginning in early 2021, all cloud services will consume Davis Data Units (DDUs). The amount of DDU consumption per service instance depends on the number of monitored metrics and their dimensions (each metric dimension results in the ingestion of 1 data point; 1 data point consumes 0.001 DDUs). For DDU consumption estimates per service instance (recommended metrics only, predefined dimensions, and assumed dimension values), see DDU consumption estimates for per cloud service instance.

Monitor resources based on tags

You can choose to monitor resources based on existing AWS tags, as Dynatrace automatically imports them from service instances. Nevertheless, the transition from AWS to Dynatrace tagging isn't supported for all AWS services. Expand the table below to see which supporting services are filtered by tagging.

To monitor resources based on tags

  1. Go to Settings > Cloud and virtualization > AWS and select the AWS instance.
  2. For Resource monitoring method, select Monitor resources based on tags.
  3. Enter the Key and Value.
  4. Select Save.


Configure service metrics

Once you add a service, Dynatrace starts automatically collecting a suite of metrics for this particular service. These are recommended metrics.

Recommended metrics:

  • Are enabled by default
  • Can't be disabled
  • Can have recommended dimensions (enabled by default, can't be disabled)
  • Can have optional dimensions (disabled by default, can be enabled)

Apart from the recommended metrics, most services have the possibility of enabling optional metrics.

Optional metrics:

  • Can be added and configured manually

View service metrics

Once you add the service to monitoring, you can view the service metrics in your Dynatrace environment either on your dashboard page or on the custom device overview page.

Import preset dashboards

Dynatrace provides preset AWS dashboards that you can import from GitHub to your environment's Dashboards page.
Note: To save a preset dashboard locally, create a new JSON file on your local machine and copy-paste the content of the JSON file from GitHub into the new file.
Once you save a preset dashboard locally, there are two ways to import it.


Available metrics

Name Description Unit Statistics Dimensions Recommended
HsmUnhealthy The HSM instance is not performing properly None Multi ClusterId, HsmId ✔️
HsmUnhealthy None Multi ClusterId ✔️
HsmUnhealthy None Multi Region ✔️
HsmTemperature Junction temperature of the hardware processor None Multi ClusterId, HsmId ✔️
HsmTemperature None Multi ClusterId ✔️
HsmTemperature None Multi Region
HsmKeysSessionOccupied Number of session keys being used by the HSM instance Count Multi ClusterId, HsmId ✔️
HsmKeysSessionOccupied Count Multi ClusterId ✔️
HsmKeysSessionOccupied Count Multi Region ✔️
HsmKeysTokenOccupied Number of token keys being used by the HSM instance and the cluster Count Multi ClusterId, HsmId ✔️
HsmKeysTokenOccupied Count Multi ClusterId ✔️
HsmKeysTokenOccupied Count Multi Region ✔️
HsmSslCtxsOccupied Number of end-to-end encrypted channels currently established for the HSM instance Count Multi ClusterId, HsmId ✔️
HsmSslCtxsOccupied Count Multi ClusterId ✔️
HsmSslCtxsOccupied Count Multi Region
HsmSessionCount Number of open connections to the HSM instance Count Multi ClusterId, HsmId ✔️
HsmSessionCount Count Multi ClusterId ✔️
HsmSessionCount Count Multi Region
HsmUsersAvailable Number of additional users that can be created Count Multi ClusterId, HsmId ✔️
HsmUsersAvailable Count Multi ClusterId ✔️
HsmUsersAvailable Count Multi Region
HsmUsersMax Maximum number of users that can be created on the HSM instance Count Maximum ClusterId, HsmId ✔️
HsmUsersMax Count Maximum ClusterId ✔️
HsmUsersMax Count Maximum Region
InterfaceEth2DroppedInput Number of dropped packets on input Count Average ClusterId, HsmId
InterfaceEth2DroppedInput Count Average ClusterId
InterfaceEth2DroppedInput Count Average Region
InterfaceEth2ErrorsInput Number of error packets on input Count Average ClusterId, HsmId
InterfaceEth2ErrorsInput Count Average ClusterId
InterfaceEth2ErrorsInput Count Average Region
InterfaceEth2OctetsInput Cumulative sum of traffic to the HSM to date Count Average ClusterId, HsmId
InterfaceEth2OctetsInput Count Average ClusterId
InterfaceEth2OctetsInput Count Average Region
InterfaceEth2PacketsInput Total number of packets on input Count Average ClusterId, HsmId
InterfaceEth2PacketsInput Count Average ClusterId
InterfaceEth2PacketsInput Count Average Region
InterfaceEth2DroppedOutput Number of dropped packets on output Count Average ClusterId, HsmId
InterfaceEth2DroppedOutput Count Average ClusterId
InterfaceEth2DroppedOutput Count Average Region
InterfaceEth2ErrorsOutput Number of error packets on output Count Average ClusterId, HsmId
InterfaceEth2ErrorsOutput Count Average ClusterId
InterfaceEth2ErrorsOutput Count Average Region
InterfaceEth2OctetsOutput Cumulative sum of traffic from the HSM to date Count Average ClusterId, HsmId
InterfaceEth2OctetsOutput Count Average ClusterId
InterfaceEth2OctetsOutput Count Average Region
InterfaceEth2PacketsOutput Total number of packets on output Count Average ClusterId, HsmId
InterfaceEth2PacketsOutput Count Average ClusterId
InterfaceEth2PacketsOutput Count Average Region


CloudHSM Classic isn't supported.