This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

AWS Integration

Go to solution
Prithvi_Mandal
Participant

‎10 Oct 2024 10:48 AM - last edited on ‎15 Oct 2024 09:52 AM by Community Team

Dear Team,

We have two different AWS account one is 'A' and another one is 'B' , As we know for AWS integration with Dynatrace

we have to deploy ActiveGate on same  AWS account, Now my question is if I deploy ActiveGate on A ( AWS Account) then can I use same ActiveGate to integrate with B (AWS account).

Kindly let me know this approach is feasible  or not. 

Thanks & Regard

Prithvi

 

Labels:
0 Kudos
Reply
5 REPLIES 5

Go to solution
dawid_kaszubski
Dynatrace Participant
Dynatrace Participant

‎10 Oct 2024 11:23 AM

Hi @Prithvi_Mandal ,
Yes, you can definitely use an ActiveGate deployed on the A account to monitor the B account. 
Please remember that you need a DynatraceMonitoringRole in the B account with the A account in the Trust Relationships. 
So, in the A account Dynatrace_ActiveGate_role's permissions should look like that:

{
   "Version": "2012-10-17",
   "Statement": [
      {
         "Action": [
            "sts:AssumeRole"
         ],
         "Resource": [
            "arn:aws:iam::<accountA>:role/Dynatrace_monitoring_role",
            "arn:aws:iam::<accountB>:role/Dynatrace_monitoring_role"
         ],
         "Effect": "Allow"
      }
   ]
}

 And in the B account DynatraceMonitoringRole's Trust Relationships should look like:

{
   "Version": "2012-10-17",
   "Statement": [
      {
         "Effect": "Allow",
         "Principal": {
            "AWS": [
               "arn:aws:iam::<accountA>:role/Dynatrace_ActiveGate"
            ]
         },
         "Action": "sts:AssumeRole",
         "Condition": {
            "StringEquals": {
               "sts:ExternalId": "<ExternalId>"
            }
         }
      }
   ]
}
Product Owner of Cloud Monitoring
Reply

Go to solution
Prithvi_Mandal
Participant
In response to dawid_kaszubski

‎10 Oct 2024 11:25 AM

thanks you @dawid_kaszubski  for your suggestion.

0 Kudos
Reply

Go to solution
Prithvi_Mandal
Participant
In response to dawid_kaszubski

‎24 Nov 2024 09:33 PM

Hii @dawid_kaszubski ,

Some confusion that , activegate deployed on A account already in use to monitored other AWS account (ie C account. but I want to use same activegate to monitored B account.

Please find attached template , Is there any need to change this template.

 

 

0 Kudos
Reply

Go to solution
dawid_kaszubski
Dynatrace Participant
Dynatrace Participant
In response to Prithvi_Mandal

‎26 Nov 2024 05:29 PM

Hi @Prithvi_Mandal , the CloudFormation template you attached is tailored to use only one `DynatraceMonitoringRole`.  It's defined in line :49.
`- !Sub 'arn:aws:iam::${MonitoredAccountID}:role/${MonitoringRoleName}'
I've attached an example template for two accounts. If you want to monitor more accounts, you can configure it in the same manner. 

Product Owner of Cloud Monitoring
0 Kudos
Reply

Go to solution
p_devulapalli
Champion

‎10 Oct 2024 11:26 AM

@Prithvi_Mandal Here is some documentation you can refer to , look under "Deployment with existing ActiveGate"

https://docs.dynatrace.com/docs/shortlink/aws-monitoring-guide#aws-policy-and-authentication

 

Phani Devulapalli
0 Kudos
Reply
Ask a question

Featured Posts