Showing results for 
Show  only  | Search instead for 
Did you mean: 

Management Zone Access for AWS Services - Proactively Setting up Access vs Reactive


We are struggling right now with how to proactively set up management zones with rules that will pick up Amazon Web Services, hosts, etc so that anyone who has access to the mgmt zone, has access to their things in Dynatrace. A lot of what we have now is someone reaching out after the fact and saying hey I can't see this new service I spun up then we figure out it is in Dynatrace, we just need to adjust their mgmt zone rules. Had this very thing happen yesterday with someone who deployed the agent to AWS fargate.


For ones who don't simply give access to everything in Dynatrace, how are you handling your mgmt zones? Strictly related to AWS. I'm starting to steer towards having the customer add in the env variable DT_CUSTOM_PROP then we would have an auto tag rule setup to turn that metadata into a tag. The mgmt zone then would look at that tag and anything with that tag would fall into the mgmt zone. However, I don't know if this approach is available for all things that we would be spinning up in AWS. I also looked at integrating their AWS account with Dynatrace and using an entity selector. That seems to work ok (at least for some things such as lambdas) but only if their account is integrated and we can't make it a standard where every AWS account is added to Dynatrace.


Is anyone else dealing with this same issue and has found a good workaround?


DynaMight Legend
DynaMight Legend

So we leverage the DT Metadata/Custom Props and Tags. We also have a Json formulated that then allows us to define out values before the entities are actually in Dynatrace. For example, We create rules from Processes, Services and Hosts that have ApplicationName=<Value> then the associated web apps which will be based off the app name, and then the associated subscriptions as well. Once the placeholders are updated, we post them into Dynatrace and we are done. As the teams onboard their hosts, they automatically get the metadata, tags apply, and MZs apply. This allow us to get everything set before hand and then we can say there is no hold up on our end, you need to deploy and it will show up. 


Featured Posts