29 Oct 2019 02:15 PM - last edited on 17 Jan 2022 08:07 AM by MaciejNeumann
Hi,
The instructions for private browser monitors state that "We store the screenshots in Amazon S3. If you can't see your reference or error screenshots, it means that either your ActiveGate or the browser from which you access Dynatrace can't access the Amazon S3 service."
For Dynatrace Managed, does the above also apply to synthetic monitors executed from public locations? So if my Managed cluster is both hosted AND accessed (via browser) at a private network with no outgoing access to *.s3-accelerate.amazonaws.com:443, will I be able to see the screenshots? So in this scenario my browser wouldn't be able to access AWS either & the images would have to be relayed via the Cluster ActiveGate. I have no way to test this currently for Managed, but at least for Dynatrace SaaS I noticed it's downloading the images directly from s3-accelerate.amazonaws.com.
Solved! Go to Solution.
29 Oct 2019 03:08 PM
That is correct. Unless our documentation distinguishes a difference between SaaS and Managed, you should assume it applies to both.
In that case, an image is downloaded by the user's browser (client). Usually (even for Managed), client's part has an access to the internet. For Managed there's no outgoing connection to S3 services directly from the cluster nodes (server). So yes, if you don't have access to the internet from your browser, an image won't be downloaded. At it applies to SaaS and Managed.
29 Oct 2019 03:33 PM
Thanks for the response! That is pretty much what I suspected, but it's good to have confirmation. I suppose my scenario here is somewhat rare, but at least for the time being in this customer case the Managed portal is indeed only accessible from a specific jump server that's in a very secure network, with no outgoing access to S3.
03 Apr 2020 09:17 AM
Hi RadoSlaw/Kalle, do we know the specific URL's instead of wildcard * in *.s3-accelerate.amazonaws.com:443 ?
03 Apr 2020 12:25 PM - last edited on 24 Mar 2021 12:53 PM by MaciejNeumann
we do, but this might change so we don't recommend sticking to one. You can eventually include AWS IPs: https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html
16 Jan 2022 11:44 PM
Hi, not about the S3 IP, but can we have specific URL's instead of wildcard * in *.s3-accelerate.amazonaws.com:443, something like this: ruxit-synth-screencap.s3-accelerate.amazonaws.com? open *.s3-accelerate.amazonaws.com is not a good idea for us, unfortunately. thanks