29 Oct 2019 07:15 AM - last edited on 17 Jan 2022 12:07 AM by MaciejNeumann
The instructions for private browser monitors state that "We store the screenshots in Amazon S3. If you can't see your reference or error screenshots, it means that either your ActiveGate or the browser from which you access Dynatrace can't access the Amazon S3 service."
For Dynatrace Managed, does the above also apply to synthetic monitors executed from public locations? So if my Managed cluster is both hosted AND accessed (via browser) at a private network with no outgoing access to *.s3-accelerate.amazonaws.com:443, will I be able to see the screenshots? So in this scenario my browser wouldn't be able to access AWS either & the images would have to be relayed via the Cluster ActiveGate. I have no way to test this currently for Managed, but at least for Dynatrace SaaS I noticed it's downloading the images directly from s3-accelerate.amazonaws.com.
Solved! Go to Solution.
That is correct. Unless our documentation distinguishes a difference between SaaS and Managed, you should assume it applies to both.
In that case, an image is downloaded by the user's browser (client). Usually (even for Managed), client's part has an access to the internet. For Managed there's no outgoing connection to S3 services directly from the cluster nodes (server). So yes, if you don't have access to the internet from your browser, an image won't be downloaded. At it applies to SaaS and Managed.
Thanks for the response! That is pretty much what I suspected, but it's good to have confirmation. I suppose my scenario here is somewhat rare, but at least for the time being in this customer case the Managed portal is indeed only accessible from a specific jump server that's in a very secure network, with no outgoing access to S3.
Hi RadoSlaw/Kalle, do we know the specific URL's instead of wildcard * in *.s3-accelerate.amazonaws.com:443 ?
03 Apr 2020 04:25 AM - last edited on 24 Mar 2021 05:53 AM by MaciejNeumann
we do, but this might change so we don't recommend sticking to one. You can eventually include AWS IPs: https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html
Hi, not about the S3 IP, but can we have specific URL's instead of wildcard * in *.s3-accelerate.amazonaws.com:443, something like this: ruxit-synth-screencap.s3-accelerate.amazonaws.com? open *.s3-accelerate.amazonaws.com is not a good idea for us, unfortunately. thanks