Solved: AWS SRE Agent - OAuth Permissions

justnoob08 · ‎25 Jun 2026

Hi, Everyone.

I'm trying to figure out the recommended permissions to assign to the OAuth Client to be used by the AWS SRE Agent.

AWS Documentation only states "Create OAuth client in Dynatrace, with the detailed permissions." and the Link to Dynatrace documentation is for the Steps to Create but did not indicate the permission it requires.

Thank you

christian_kreuz · ‎25 Jun 2026

Hi!

There used to be a link with concrete information in there, which might have gone missing. We're going to restore the details, and come back to you with the concrete OAuth Client scopes as soon as possible.

Best regards,

Christian

christian_kreuz · ‎25 Jun 2026

Hi,

the necessary permissions are visible directly in the AWS UI when onboarding Dynatrace as a capability / telemetry provider.

For reference, this is the current list (as of June 2026):

storage:bizevents:read
storage:logs:read
storage:events:read
storage:metrics:read
storage:system:read
storage:buckets:read
storage:spans:read
storage:entities:read
storage:smartscape:read
storage:fieldsets:read
storage:user.events:read
storage:security.events:read
openpipeline:events:ingest

justnoob08 · ‎26 Jun 2026

Thank you Appreciate the Help