01 Sep 2023
01:11 PM
- last edited on
04 Sep 2023
07:35 AM
by
MaciejNeumann
Thought this would be easy 😞
Currently combining 4 Dynatrace environments (1 for each of our AWS estatesDEV->UAT->STG->PRD), into 1 environment, then using MZ to split the data.
I created 4 MZ rules, and used the AWS account ID to split the data, but this is not reflected in Services / Traces etc.? I would of thought that logically a service running on ECS would just be connected without any hassle? But none of my services show when I select a MZ - so it seems I also need to tag these as well.
Can I tag at our activegateway? Or use the gateway id as a way to split data into MZ?
Frustrated, should be easy
01 Sep 2023 03:06 PM - edited 02 Sep 2023 06:56 PM
Hello @Mat-Moo you can use entity selector to tags your services running on AWS, in my case
type(SERVICE),fromRelationships.runsOn(type(AWS_LAMBDA_FUNCTION),fromRelationships.isAccessibleBy(type(AWS_CREDENTIALS),awsAccountId("XXxxXxxxxXXXX")))
04 Sep 2023 10:46 AM
Thanks, it kinda makes sense, but I'm still not there. I'm using ECS Fargate on AWS, [API requests] if I get the ECS service entityId, I can see a link to the Host, and the host should give me the ability to check AWS accountID? Could I use the activegatewayId as the MZ definer?
Be nice to have an easier way to explore relationships etc. except via api post request 🙂
04 Sep 2023 03:39 PM
If you are using Fargate, I wrote the following article. It would be easy to separate in host groups and later assign host and services to MZ. I'm doing that. AFAIK you can't use AG id.
04 Sep 2023 03:55 PM
We deploy the same container over all the AWS estates, do adding to the container doesn't make sense to me?
Your original reply makes sense, I'm just struggling with the syntax - If I understand this, I need to follow the tree, Service -> Host -> account id, I don't use lambda but I can see that the fromRelationships connects to a HOST, so I thought i could do something like
type(SERVICE),fromRelationships.runsOn(type(HOST),fromRelationships.isAccessibleBy(type(AWS_CREDENTIALS),awsAccountId("XXxxXxxxxXXXX")))
04 Sep 2023 05:55 PM
@Mat-Mooyou need to query the entities API to have all valid relationships but based on what you say:
type(SERVICE),fromRelationships.runsOnHost(type(HOST),fromRelationships.runsOn(type(EC2_INSTANCE),fromRelationships.isAccessibleBy(type(AWS_CREDENTIALS),awsAccountId("XXxxXxxxxXXXX"))))
Hope it helps!!!
04 Sep 2023 06:24 PM
All starting to click, but so close but so far. When I use the above and do preview I get no matching entities. Looking at my API responses, runsonHost is good, but then runsOn(type(EC2_INSTANCE) - nothing I can see in the api responses. In fact the fromRelationships only contains a single item. which is a RELATIONAL_DATABASE_SERVICE.
The service is linked to a PROCESS_GROUP which has the AWS_CLUSTER name, I'm wondering if I can use that property metadata to link instead? but this is where my entity selector syntax lets me down - type(SERVICE)->fromRelationship(PROCESS_GROUP)->isAccessableBy(typeAWS_Credentials),awsAccountID("XXX"))
Thanks for help so far btw
04 Sep 2023 07:22 PM
Hi @Mat-Moo under {{baseUrl}}/entityTypes?pageSize=500 you can see the relations. But may be this approach is better.
type(SERVICE),fromRelationships.runsOn(type(PROCESS_GROUP),metadata("AWS_ECS_CLUSTER:arn
ecs:us-west-2:XXXXXXXxxxXXXXXxxXX"))
05 Sep 2023 09:55 AM
I've just realised the ARN includes the AWS account id, so it could be as simple as type(SERVICE),fromRelationships.runsOn(type(PROCESS_GROUP),metadata("AWS_ECS_CLUSTER:*XXX*")) - but now I can't figure out the wildcard selection (Not sure it's possible) - or even metadata.startsWith("AWS_ECS_CLUSTER:xxxx"))
05 Sep 2023 05:17 PM
Unluckily it isn't possible to use Wildcards at that level.
05 Sep 2023 09:57 AM
BTW your last answer is almost perfect, but with 20+ clusternames, would be hard to maintain, hence the wildcard
06 Sep 2023 05:58 PM
type(SERVICE),fromRelationships.runsOnHost(type(HOST),fromRelationships.isNetworkClientOfHost(type(RELATIONAL_DATABASE_SERVICE),fromRelationships.isAccessibleBy(type(AWS_CREDENTIALS),awsAccountId("XXXXX"))))
Bit messy but works - I have some services that use non-relational DB's though so need to look at those now as well. In the meantime, looking at the one-agent see if I can inject a tag to make life easier