How do I start Amazon Web Services monitoring?

You can integrate Dynatrace with Amazon Web Services (AWS) for intelligent monitoring of services running in the Amazon Cloud. AWS integration helps you stay on top of the dynamics of your data center in the cloud.

Before you begin

What you need

  • Your Amazon Web Services account ID

  • Rights to assign role-based access to your AWS account

  • Your Amazon Access key ID and Secret access key

  • Dynatrace AWS account name: 509560245411

Note

Amazon may charge $0.01 per 1,000 requests for CloudWatch API access after the number of requests exceeds 1 million.

After 1 million requests, Amazon will begin charging you for each request and include the cost in your AWS bill.

Dynatrace makes Amazon API requests every 5 minutes. We make one API call per metric. Here’s a rough estimate of AWS monitoring costs:

AWS service Number of metrics Daily cost per instance (USD)
Elastic Compute Cloud (EC2) 7 $0.02016
Elastic Block Store (EBS) 8 $0.02304
Elastic Load Balancer (ELB) 11 $0.03168
Relational Database Service (RDS) 11 $0.03168
DynamoDB 15 $0.06912
Lambda 4 $0.01152

Enable access to your Amazon account

To get the information required for comprehensive AWS cloud-computing monitoring, Dynatrace needs to identify all the virtualized infrastructure components that are in your AWS environment and collect performance metrics related to those components. We use this information to understand the context of your applications, services, and hosts. For this to happen, you need to authorize Dynatrace to access your Amazon metrics.

You can enable Dynatrace access to your AWS metrics by either defining a special role for Dynatrace or using a private access key:

Create role-based access

Go to Identity and Access Management (IAM) in your Amazon Console.

Go to Roles and create a new role for Dynatrace.

Select the Role for Cross-Account Access role type and then click Select to allow IAM users from a 3rd party AWS account to access your account.

Establish trust with the Dynatrace account.
Type 509560245411 as the Account ID that can access your account.
Take note of the External ID; you’ll need it later.

Skip attaching the existing policy by proceeding to next step.

On the Review page, click Create Role.

In the Permissions section, expand Inline Policies, and click the click here link to view instructions for setting up an inline policy.

  • In the Set Permissions section, select Custom Policy.
  • Create the policy. In the Policy Name field, type a name for the policy (for example, Watch-policy). In the Policy Document field, paste the AWS policy.
  • Click the Apply Policy button.

For more complete instructions, please see Amazon Identity and Access Management (IAM) documentation.

Create key-based access

Dynatrace can use access keys to make secure REST or Query protocol requests to the AWS service API. You’ll need to generate an Access key ID and a Secret access key that Dynatrace can use to get metrics from Amazon Web Services.

Go to Identity and Access Management (IAM) in your Amazon Console.

Go to Users and click Create New Users.

Enter a name for the key you want to create (for example, keyWatch or key-Dynatrace-AWS-monitoring). The Generate an access key for each user check box is selected by default. Click the Create button.

Store the key name (AKID) and secret access key value.
You can either download the user credentials or copy the credentials displayed online (click Show User Security Credentials ).

Close the user creation panel and search for the newly created user.

In Permissions expand Inline Policies, and then follow the instructions:

  • In the Set Permissions section, select Custom Policy.

  • Create the policy. In the Policy Name field, type a name for the policy (for example Watch-policy). In the Policy Document field, paste the following policy:
    AWS policy.

  • Finish by clicking the Apply Policy button.

For more complete instructions, please see the Amazon Getting Started Guide.

Connect your Amazon account to Dynatrace

Once you determine which access approach best serves your needs (role-based or key-based access) and you’ve granted AWS access to Dynatrace, it’s time to connect Dynatrace to your Amazon AWS account.

Go to Settings > Cloud & virtualization > AWS & WMware and click Connect new instance.

Select either the AWS (role based) or AWS (key based) tab to open the appropriate connection details form.

Create a connection based on role authentication
  • Create a name for this connection. If you leave this field empty the name Role will be used on Dynatrace pages to define this connection.
  • In the Role field, type the name of the role you created in Amazon for Dynatrace.
  • Type your Account ID (the account you want us to pull metrics from).
  • Type the External ID that you created in Amazon for Dynatrace access.
  • Click Connect to verify and save the connection.
Create a connection based on key authentication
  • Create a name for this connection. This is mandatory. Dynatrace needs this name to identify and display the connection.
  • In the Access key ID field, paste the key you created in Amazon for Dynatrace access.
  • In the Secret access key field, paste the key you created in Amazon for Dynatrace access.
  • Click Connect to verify and save the connection.

Once the connection is successfully verified and saved, your AWS account will be listed on the Cloud & virtualization settings page. You should soon begin to see AWS cloud monitoring data.

AWS resource tagging

Have questions about tag-based AWS monitoring? For details see How do I tag AWS resources?