04 Mar 2022 04:48 AM - last edited on 07 Mar 2022 02:51 AM by MaciejNeumann
We are planning to set up the monitoring for AWS EC2 and RDS. We are doing this first time hence need some guidance.
We would like to know, the pre-requisite to set up the monitoring AWS EC2 instance and RDS.
Solved! Go to Solution.
EC2 instances can be monitored by deploying the Dynatrace OneAgent to the instance, as long as the operating system used is supported. The agent must be able to communicate with your SaaS tenant (or Managed Cluster via Cluster ActiveGate) or you can deploy ActiveGates and have the agents connect via these. I see your questions regarding best practices for ActiveGate deployment was already answered 😉
If you set up AWS monitoring via CloudWatch integration, you're also able to gather certain metrics for EC2 instances, but you'll get more info deploying an agent 🙂
For RDS, the same AWS monitoring is used to gain insight.
I assume you have Dynatrace SaaS? For more info, see here: https://www.dynatrace.com/support/help/shortlink/aws-saas-deployment
Apart from the typical AWS monitoring of EC2, EBS, ELB, and RDS, with Dynatrace you can also monitor other AWS services that influence the performance of your AWS-hosted applications.
I hope this helps a bit.
@andre_vdveen, Thank you for your response. That really helped.
I was about to come to forum to update the thread. I have tested EC2 (OneAgent) and RDS using Cloud Watch Integration (Role based authentication) in my test environment and its working good.
As I will be implementing this at customer side, I encountered with one question, is it possible that, OneAgent installed on EC2 instance will communicate to Dynatrace SaaS via our internal Environment ActiveGate?
If yes, do I need to open a communication (on port 9999) from that EC2 instance to our internal ActiveGate?
How people usually do it? do they let OneAgent to communicate directly to Dynatrace SaaS over 443?
Hi @AK I'm glad you managed to get things going, well done! 🙂
Regarding your question about direct vs. via ActiveGate communication to the SaaS tenant, there isn't a single correct answer in my opinion. Both options are fine and acceptable.
But what I always suggest to our clients is to use an ActiveGate if there are more than only a few hosts that need to communicate to the SaaS tenant, as it reduces admin overhead in opening ports and setting up firewall rules.
Yes, port 9999 is required between OneAgent on EC2 instance and ActiveGate. See here for a diagram that explains the connectivity: https://www.dynatrace.com/support/help/shortlink/sgw-availability#saas-scheme
One of the benefits of deploying an ActiveGate for OneAgent traffic routing is that it can also be used for other functions: https://www.dynatrace.com/support/help/shortlink/activegate-routing-monitoring