Back to Details

dt-obs-aws

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

AWS Cloud Infrastructure

AWS云基础设施

Monitor and analyze AWS resources using Dynatrace Smartscape and DQL. Query AWS services, optimize costs, manage security, and plan capacity across your AWS infrastructure.
使用Dynatrace Smartscape和DQL监控分析AWS资源,可查询AWS服务、优化成本、管理安全,并对整个AWS基础设施做容量规划。

When to Use This Skill

适用场景

Use this skill when the user needs to work with AWS resources in Dynatrace. Load the reference file for the task type:
TaskFile to load
Inventory and topology queries(no additional file — use core patterns above)
Query AWS metric timeseries (CPU, errors, latency)Load 
references/metrics-performance.md
VPC topology, security groups, subnet analysisLoad 
references/vpc-networking-security.md
RDS, DynamoDB, ElastiCache investigationLoad 
references/database-monitoring.md
Lambda, ECS, EKS investigationLoad 
references/serverless-containers.md
ALB/NLB topology, API GatewayLoad 
references/load-balancing-api.md
SQS, SNS, EventBridge, MSKLoad 
references/messaging-event-streaming.md
Unattached resources, tag compliance, lifecycleLoad 
references/resource-management.md
Cost savings, unused resourcesLoad 
references/cost-optimization.md
Capacity headroom, subnet IP, ASG limitsLoad 
references/capacity-planning.md
Security audit, encryption, public accessLoad 
references/security-compliance.md
SG rule analysis (0.0.0.0/0, open ports)Load 
references/security-compliance.md
S3 public access, bucket encryptionLoad 
references/security-compliance.md
EBS volume encryption auditLoad 
references/security-compliance.md
Cost allocation, chargeback, ownershipLoad 
references/resource-ownership.md
当用户需要在Dynatrace中处理AWS资源相关需求时使用本技能。根据任务类型加载对应的参考文件:
任务需加载的文件
资源清单与拓扑查询(无需额外文件——使用上方的核心模式即可)
查询AWS指标时序数据(CPU、错误、延迟)加载 
references/metrics-performance.md
VPC拓扑、安全组、子网分析加载 
references/vpc-networking-security.md
RDS、DynamoDB、ElastiCache排查加载 
references/database-monitoring.md
Lambda、ECS、EKS排查加载 
references/serverless-containers.md
ALB/NLB拓扑、API Gateway加载 
references/load-balancing-api.md
SQS、SNS、EventBridge、MSK加载 
references/messaging-event-streaming.md
未关联资源、标签合规、生命周期管理加载 
references/resource-management.md
成本节约、闲置资源排查加载 
references/cost-optimization.md
容量余量、子网IP、ASG限制检查加载 
references/capacity-planning.md
安全审计、加密、公共访问检查加载 
references/security-compliance.md
安全组规则分析(0.0.0.0/0、开放端口)加载 
references/security-compliance.md
S3公共访问、存储桶加密检查加载 
references/security-compliance.md
EBS卷加密审计加载 
references/security-compliance.md
成本分摊、费用记账、资源归属加载 
references/resource-ownership.md

Core Concepts

核心概念

Entity Types

实体类型

AWS resources use the 
AWS_*
prefix and can be queried using the 
smartscapeNodes
function. All AWS entities are automatically discovered and modeled in Dynatrace Smartscape.
Compute: 
AWS_EC2_INSTANCE
, 
AWS_LAMBDA_FUNCTION
, 
AWS_ECS_CLUSTER
, 
AWS_ECS_SERVICE
, 
AWS_EKS_CLUSTER
Networking: 
AWS_EC2_VPC
, 
AWS_EC2_SUBNET
, 
AWS_EC2_SECURITYGROUP
, 
AWS_EC2_NATGATEWAY
, 
AWS_EC2_VPCENDPOINT
Database: 
AWS_RDS_DBINSTANCE
, 
AWS_RDS_DBCLUSTER
, 
AWS_DYNAMODB_TABLE
, 
AWS_ELASTICACHE_CACHECLUSTER
Storage: 
AWS_S3_BUCKET
, 
AWS_EC2_VOLUME
, 
AWS_EFS_FILESYSTEM
Load Balancing: 
AWS_ELASTICLOADBALANCINGV2_LOADBALANCER
, 
AWS_ELASTICLOADBALANCINGV2_TARGETGROUP
Messaging: 
AWS_SQS_QUEUE
, 
AWS_SNS_TOPIC
, 
AWS_EVENTS_EVENTBUS
, 
AWS_MSK_CLUSTER
AWS资源使用
AWS_*
前缀,可通过
smartscapeNodes
函数查询。所有AWS实体都会在Dynatrace Smartscape中自动发现并建模。
计算资源: 
AWS_EC2_INSTANCE
AWS_LAMBDA_FUNCTION
AWS_ECS_CLUSTER
AWS_ECS_SERVICE
AWS_EKS_CLUSTER
网络资源: 
AWS_EC2_VPC
AWS_EC2_SUBNET
AWS_EC2_SECURITYGROUP
AWS_EC2_NATGATEWAY
AWS_EC2_VPCENDPOINT
数据库资源: 
AWS_RDS_DBINSTANCE
AWS_RDS_DBCLUSTER
AWS_DYNAMODB_TABLE
AWS_ELASTICACHE_CACHECLUSTER
存储资源: 
AWS_S3_BUCKET
AWS_EC2_VOLUME
AWS_EFS_FILESYSTEM
负载均衡资源: 
AWS_ELASTICLOADBALANCINGV2_LOADBALANCER
AWS_ELASTICLOADBALANCINGV2_TARGETGROUP
消息资源: 
AWS_SQS_QUEUE
AWS_SNS_TOPIC
AWS_EVENTS_EVENTBUS
AWS_MSK_CLUSTER

Common AWS Fields

通用AWS字段

All AWS entities include:
  • aws.account.id
    - AWS account identifier
  • aws.region
    - AWS region (e.g., us-east-1)
  • aws.resource.id
    - Unique resource identifier
  • aws.resource.name
    - Resource name
  • aws.arn
    - Amazon Resource Name
  • aws.vpc.id
    - VPC identifier (for VPC-attached resources)
  • aws.subnet.id
    - Subnet identifier
  • aws.availability_zone
    - Availability zone
  • aws.security_group.id
    - Security group IDs (array)
  • tags
    - Resource tags (use 
    tags[TagName]
    )
所有AWS实体都包含以下字段:
  • aws.account.id
    - AWS账户标识符
  • aws.region
    - AWS区域(例如 us-east-1)
  • aws.resource.id
    - 资源唯一标识符
  • aws.resource.name
    - 资源名称
  • aws.arn
    - 亚马逊资源名称(Amazon Resource Name)
  • aws.vpc.id
    - VPC标识符(适用于挂载到VPC的资源)
  • aws.subnet.id
    - 子网标识符
  • aws.availability_zone
    - 可用区
  • aws.security_group.id
    - 安全组ID(数组类型)
  • tags
    - 资源标签(使用
    tags[TagName]
    访问)

Relationship Types

关系类型

AWS entities use these relationship types:
  • is_attached_to
    - Exclusive attachment (e.g., volume to instance)
  • uses
    - Dependency relationship (e.g., instance uses security group)
  • runs_on
    - Vertical relationship (e.g., instance runs on AZ)
  • is_part_of
    - Composition (e.g., instance in cluster)
  • belongs_to
    - Aggregation (e.g., service belongs to cluster)
  • balances
    - Load balancing (e.g., target group balances instances)
  • balanced_by
    - Reverse of balances
AWS实体使用以下关系类型:
  • is_attached_to
    - 独占附属关系(例如:卷挂载到实例)
  • uses
    - 依赖关系(例如:实例使用安全组)
  • runs_on
    - 层级关系(例如:实例运行在可用区上)
  • is_part_of
    - 组成关系(例如:实例属于集群)
  • belongs_to
    - 聚合关系(例如:服务隶属于集群)
  • balances
    - 负载均衡关系(例如:目标组分配流量到实例)
  • balanced_by
    - balances的反向关系

AWS Metric Naming Convention

AWS指标命名规范

Dynatrace ingests AWS metrics and exposes them using this naming pattern:
cloud.aws.<service>.<MetricName>.By.<DimensionName>
The 
<service>
is the lowercase AWS service name, 
<MetricName>
is the original CloudWatch metric name (case-preserved), and 
<DimensionName>
is the CloudWatch dimension used for splitting.
EC2 examples:
CloudWatch metricDynatrace metric key
CPUUtilization
(by InstanceId)
cloud.aws.ec2.CPUUtilization.By.InstanceId
StatusCheckFailed
(by InstanceId)
cloud.aws.ec2.StatusCheckFailed.By.InstanceId
NetworkIn
(by InstanceId)
cloud.aws.ec2.NetworkIn.By.InstanceId
DiskReadOps
(by InstanceId)
cloud.aws.ec2.DiskReadOps.By.InstanceId
Other service examples:
CloudWatch metricDynatrace metric key
RDS 
CPUUtilization
(by DBInstanceIdentifier)
cloud.aws.rds.CPUUtilization.By.DBInstanceIdentifier
Lambda 
Invocations
(by FunctionName)
cloud.aws.lambda.Invocations.By.FunctionName
SQS 
ApproximateNumberOfMessagesVisible
(by QueueName)
cloud.aws.sqs.ApproximateNumberOfMessagesVisible.By.QueueName
ELB 
RequestCount
(by LoadBalancer)
cloud.aws.elasticloadbalancingv2.RequestCount.By.LoadBalancer
To query a metric:
dql
timeseries cpu = avg(cloud.aws.ec2.CPUUtilization.By.InstanceId),
           by: {dt.smartscape_source.id},
  from: now()-1h
| limit 10
Important: Never refer to these as "CloudWatch alerts" or "CloudWatch metrics" in output. Dynatrace monitors AWS resources natively through its AWS integration — these are Dynatrace metrics ingested from AWS.
Dynatrace采集AWS指标并按照以下命名模式对外暴露:
cloud.aws.<service>.<MetricName>.By.<DimensionName>
其中
<service>
是小写的AWS服务名称,
<MetricName>
是原始CloudWatch指标名称(保留大小写),
<DimensionName>
是用于拆分数据的CloudWatch维度。
EC2示例:
CloudWatch指标Dynatrace指标键
CPUUtilization
(按InstanceId)
cloud.aws.ec2.CPUUtilization.By.InstanceId
StatusCheckFailed
(按InstanceId)
cloud.aws.ec2.StatusCheckFailed.By.InstanceId
NetworkIn
(按InstanceId)
cloud.aws.ec2.NetworkIn.By.InstanceId
DiskReadOps
(按InstanceId)
cloud.aws.ec2.DiskReadOps.By.InstanceId
其他服务示例:
CloudWatch指标Dynatrace指标键
RDS 
CPUUtilization
(按DBInstanceIdentifier)
cloud.aws.rds.CPUUtilization.By.DBInstanceIdentifier
Lambda 
Invocations
(按FunctionName)
cloud.aws.lambda.Invocations.By.FunctionName
SQS 
ApproximateNumberOfMessagesVisible
(按QueueName)
cloud.aws.sqs.ApproximateNumberOfMessagesVisible.By.QueueName
ELB 
RequestCount
(按LoadBalancer)
cloud.aws.elasticloadbalancingv2.RequestCount.By.LoadBalancer
查询指标的示例:
dql
timeseries cpu = avg(cloud.aws.ec2.CPUUtilization.By.InstanceId),
           by: {dt.smartscape_source.id},
  from: now()-1h
| limit 10
重要提示: 输出中绝对不要将这些称作"CloudWatch告警"或"CloudWatch指标"。Dynatrace通过自身的AWS集成原生监控AWS资源——这些是从AWS采集的Dynatrace指标

Query Patterns

查询模式

All AWS queries build on four core patterns. Master these and adapt them to any entity type.
所有AWS查询都基于四个核心模式构建,掌握这些模式后可以适配任意实体类型的查询需求。

Pattern 1: Resource Discovery

模式1:资源发现

List resources by type, filter by account/region/VPC/tags, summarize counts:
dql
smartscapeNodes "AWS_*"
| filter aws.account.id == "<AWS_ACCOUNT_ID>" and aws.region == "<AWS_REGION>"
| summarize count = count(), by: {type}
| sort count desc
To list a specific type, replace 
"AWS_*"
with the entity type (e.g., 
"AWS_EC2_INSTANCE"
). Add 
| fields name, aws.account.id, aws.region, ...
to select specific columns. Use 
tags[TagName]
for tag-based filtering.
按类型列出资源,按账户/区域/VPC/标签过滤,汇总统计数量:
dql
smartscapeNodes "AWS_*"
| filter aws.account.id == "<AWS_ACCOUNT_ID>" and aws.region == "<AWS_REGION>"
| summarize count = count(), by: {type}
| sort count desc
如果要列出特定类型的资源,将
"AWS_*"
替换为对应的实体类型(例如
"AWS_EC2_INSTANCE"
)。添加
| fields name, aws.account.id, aws.region, ...
可以选择特定字段。使用
tags[TagName]
可以基于标签过滤。

Pattern 2: Configuration Parsing

模式2:配置解析

Parse 
aws.object
JSON for detailed configuration fields:
dql
smartscapeNodes "AWS_RDS_DBINSTANCE"
| parse aws.object, "JSON:awsjson"
| fieldsAdd engine = awsjson[configuration][engine]
| summarize db_count = count(), by: {engine, aws.region}
Common configuration fields by service:
  • EC2: 
    instanceType
    , 
    state[name]
    , 
    networkInterfaces[0][association][publicIp]
  • RDS: 
    engine
    , 
    multiAZ
    , 
    publiclyAccessible
    , 
    storageEncrypted
    , 
    dbInstanceClass
    , 
    storageType
  • EBS: 
    volumeType
    , 
    size
    , 
    state
  • Lambda: 
    runtime
    , 
    memorySize
  • LB: 
    scheme
    , 
    dnsName
  • KMS: 
    keyState
    , 
    keyUsage
  • ASG: 
    minSize
    , 
    maxSize
    , 
    desiredCapacity
  • Subnet: 
    availableIpAddressCount
    , 
    cidrBlock
  • S3: 
    versioningConfiguration[status]
  • SG: 
    securityGroups
    (array, use 
    arraySize()
    to count)
解析
aws.object
JSON字段获取详细配置信息:
dql
smartscapeNodes "AWS_RDS_DBINSTANCE"
| parse aws.object, "JSON:awsjson"
| fieldsAdd engine = awsjson[configuration][engine]
| summarize db_count = count(), by: {engine, aws.region}
各服务常用配置字段:
  • EC2: 
    instanceType
    state[name]
    networkInterfaces[0][association][publicIp]
  • RDS: 
    engine
    multiAZ
    publiclyAccessible
    storageEncrypted
    dbInstanceClass
    storageType
  • EBS: 
    volumeType
    size
    state
  • Lambda: 
    runtime
    memorySize
  • LB: 
    scheme
    dnsName
  • KMS: 
    keyState
    keyUsage
  • ASG: 
    minSize
    maxSize
    desiredCapacity
  • Subnet: 
    availableIpAddressCount
    cidrBlock
  • S3: 
    versioningConfiguration[status]
  • SG: 
    securityGroups
    (数组,使用
    arraySize()
    统计数量)

Pattern 3: Relationship Traversal

模式3:关系遍历

Follow relationships between resources:
dql
smartscapeNodes "AWS_ELASTICLOADBALANCINGV2_LOADBALANCER"
| parse aws.object, "JSON:awsjson"
| fieldsAdd dnsName = awsjson[configuration][dnsName], scheme = awsjson[configuration][scheme]
| traverse "balanced_by", "AWS_ELASTICLOADBALANCINGV2_TARGETGROUP", direction:backward, fieldsKeep:{dnsName, id}
| fieldsAdd targetGroupName = aws.resource.name
| traverse "balances", "AWS_EC2_INSTANCE", fieldsKeep: {targetGroupName, id}
| fieldsAdd loadBalancerDnsName = dt.traverse.history[-2][dnsName],
            loadBalancerId = dt.traverse.history[-2][id],
            targetGroupId = dt.traverse.history[-1][id]
Key traversal pairs:
  • LB → Target Groups: 
    traverse "balanced_by", "AWS_ELASTICLOADBALANCINGV2_TARGETGROUP", direction:backward
  • Target Group → Instances: 
    traverse "balances", "AWS_EC2_INSTANCE"
  • Target Group → Lambda Function: 
    traverse "balances", "AWS_LAMBDA_FUNCTION"
  • ECS Service → Cluster: 
    traverse "belongs_to", "AWS_ECS_CLUSTER"
  • ECS Service → Task Def: 
    traverse "uses", "AWS_ECS_TASKDEFINITION"
  • RDS Instance → Cluster: 
    traverse "is_part_of", "AWS_RDS_DBCLUSTER"
  • RDS Cluster → KMS Key: 
    traverse "uses", "AWS_KMS_KEY"
  • Instance → SG: 
    traverse "uses", "AWS_EC2_SECURITYGROUP"
  • Instance → Availability Zone: 
    traverse "runs_on", "AWS_AVAILABILITY_ZONE"
  • Instance → Subnet: 
    traverse "is_attached_to", "AWS_EC2_SUBNET"
  • Instance → VPC: 
    traverse "is_attached_to", "AWS_EC2_VPC"
  • Instance → Volume: 
    traverse "is_attached_to", "AWS_EC2_VOLUME", direction: backward
  • Lambda Function → IAM Role: 
    traverse "uses", "AWS_IAM_ROLE"
  • Lambda Function → Api Gateway V2: 
    traverse "uses", "AWS_APIGATEWAYV2_INTEGRATION", direction: backward
  • Instance → HOST: 
    traverse "runs_on", "HOST", direction: backward
  • SG blast radius: query instances, traverse to SGs, 
    summarize count(), by: {sg.name}
  • Use 
    fieldsKeep
    to carry fields through traversals, 
    dt.traverse.history[-N]
    to access ancestor fields
追踪资源之间的关联关系:
dql
smartscapeNodes "AWS_ELASTICLOADBALANCINGV2_LOADBALANCER"
| parse aws.object, "JSON:awsjson"
| fieldsAdd dnsName = awsjson[configuration][dnsName], scheme = awsjson[configuration][scheme]
| traverse "balanced_by", "AWS_ELASTICLOADBALANCINGV2_TARGETGROUP", direction:backward, fieldsKeep:{dnsName, id}
| fieldsAdd targetGroupName = aws.resource.name
| traverse "balances", "AWS_EC2_INSTANCE", fieldsKeep: {targetGroupName, id}
| fieldsAdd loadBalancerDnsName = dt.traverse.history[-2][dnsName],
            loadBalancerId = dt.traverse.history[-2][id],
            targetGroupId = dt.traverse.history[-1][id]
常用遍历配对:
  • LB → 目标组: 
    traverse "balanced_by", "AWS_ELASTICLOADBALANCINGV2_TARGETGROUP", direction:backward
  • 目标组 → 实例: 
    traverse "balances", "AWS_EC2_INSTANCE"
  • 目标组 → Lambda函数: 
    traverse "balances", "AWS_LAMBDA_FUNCTION"
  • ECS服务 → 集群: 
    traverse "belongs_to", "AWS_ECS_CLUSTER"
  • ECS服务 → 任务定义: 
    traverse "uses", "AWS_ECS_TASKDEFINITION"
  • RDS实例 → 集群: 
    traverse "is_part_of", "AWS_RDS_DBCLUSTER"
  • RDS集群 → KMS密钥: 
    traverse "uses", "AWS_KMS_KEY"
  • 实例 → 安全组: 
    traverse "uses", "AWS_EC2_SECURITYGROUP"
  • 实例 → 可用区: 
    traverse "runs_on", "AWS_AVAILABILITY_ZONE"
  • 实例 → 子网: 
    traverse "is_attached_to", "AWS_EC2_SUBNET"
  • 实例 → VPC: 
    traverse "is_attached_to", "AWS_EC2_VPC"
  • 实例 → 存储卷: 
    traverse "is_attached_to", "AWS_EC2_VOLUME", direction: backward
  • Lambda函数 → IAM角色: 
    traverse "uses", "AWS_IAM_ROLE"
  • Lambda函数 → Api Gateway V2: 
    traverse "uses", "AWS_APIGATEWAYV2_INTEGRATION", direction: backward
  • 实例 → 主机: 
    traverse "runs_on", "HOST", direction: backward
  • 安全组影响范围: 查询实例,遍历关联安全组,执行
    summarize count(), by: {sg.name}
  • 使用
    fieldsKeep
    在遍历过程中保留字段,使用
    dt.traverse.history[-N]
    访问上层祖先节点的字段

Pattern 4: Tag-Based Ownership

模式4:基于标签的资源归属

Group resources by any tag for ownership/chargeback:
dql
smartscapeNodes "AWS_*"
| filter isNotNull(tags[<TAG_NAME>])
| summarize resource_count = count(), by: {tags[<TAG_NAME>], type}
| sort resource_count desc
Replace 
CostCenter
with any tag: 
Owner
, 
Team
, 
Project
, 
Environment
, 
Application
, 
Department
, 
BusinessUnit
. Replace 
"AWS_*"
with a specific type to scope to one service.
Find untagged resources: 
| filter arraySize(tags) == 0
按任意标签分组资源,用于归属统计/费用分摊:
dql
smartscapeNodes "AWS_*"
| filter isNotNull(tags[<TAG_NAME>])
| summarize resource_count = count(), by: {tags[<TAG_NAME>], type}
| sort resource_count desc
CostCenter
替换为任意标签:
Owner
Team
Project
Environment
Application
Department
BusinessUnit
。将
"AWS_*"
替换为特定实体类型可以限定查询范围到单个服务。
查找未打标签的资源:
| filter arraySize(tags) == 0

Reference Guide

参考指南

Load reference files for detailed queries when the core patterns above need service-specific adaptation.
ReferenceWhen to loadKey content
vpc-networking-security.mdVPC topology, security groups, subnets, NAT, VPN, peeringVPC resource mapping, SG blast radius, public IP detection
database-monitoring.mdRDS, DynamoDB, ElastiCache, RedshiftMulti-AZ checks, engine distribution, subnet groups, dependencies
serverless-containers.mdLambda, ECS, EKS, App RunnerVPC-attached functions, service-to-cluster mapping, container networking
load-balancing-api.mdALB/NLB topology, API Gateway, CloudFrontLB→TG→Instance traversal, listener config, API stage management
messaging-event-streaming.mdSQS, SNS, EventBridge, Kinesis, MSKQueue/topic inventory, streaming analysis, name pattern matching
resource-management.mdResource audits, tag compliance, lifecycleUnattached resources, deleted resources, tag coverage analysis
cost-optimization.mdCost savings, unused resources, sizingEBS costs, instance types, runtime distribution, snapshot analysis
capacity-planning.mdCapacity analysis, scaling, IP utilizationASG headroom, subnet IP counts, ECS desired vs running
security-compliance.mdSecurity audits, encryption, public accessSG rule analysis (0.0.0.0/0, open ports), S3 public access block, EBS encryption, SG blast radius, public DB/LB detection, IAM roles
resource-ownership.mdChargeback, ownership, cost allocationTag-based grouping, multi-account summaries
events.mdLoad to check Auto Scaling, Health, and CloudFormation eventsCloudFormation, Auto Scaling, AWS Health events
workload-detection.mdLoad to determine orchestration context and resolution pathLB, ASG, ECS, EKS, Batch detection for blast radius analysis
metrics-performance.mdLoad to query metric timeseries for a specific resourceDQL timeseries patterns for EC2, Lambda, RDS, SQS, ELB, ECS, DynamoDB
当上述核心模式需要针对特定服务做适配时,加载对应的参考文件获取详细查询规则。
参考文件加载时机核心内容
vpc-networking-security.mdVPC拓扑、安全组、子网、NAT、VPN、对等连接查询VPC资源映射、安全组影响范围分析、公网IP检测
database-monitoring.mdRDS、DynamoDB、ElastiCache、Redshift查询多可用区检查、引擎分布统计、子网组分析、依赖关系查询
serverless-containers.mdLambda、ECS、EKS、App Runner查询VPC挂载函数统计、服务-集群映射、容器网络分析
load-balancing-api.mdALB/NLB拓扑、API Gateway、CloudFront查询LB→TG→实例关系遍历、监听器配置检查、API阶段管理
messaging-event-streaming.mdSQS、SNS、EventBridge、Kinesis、MSK查询队列/主题清单、流数据分析、名称模式匹配
resource-management.md资源审计、标签合规、生命周期管理未关联资源、已删除资源、标签覆盖率分析
cost-optimization.md成本节约、闲置资源、规格优化EBS成本分析、实例类型统计、运行时分布、快照分析
capacity-planning.md容量分析、弹性扩缩容、IP利用率统计ASG余量、子网IP数量统计、ECS期望实例数与运行实例数对比
security-compliance.md安全审计、加密检查、公共访问检测安全组规则分析(0.0.0.0/0、开放端口)、S3公共访问阻断检查、EBS加密检查、安全组影响范围分析、公网数据库/LB检测、IAM角色分析
resource-ownership.md费用分摊、资源归属、成本分配基于标签的分组统计、多账户汇总
events.md自动扩缩容、健康事件、CloudFormation事件检查CloudFormation、Auto Scaling、AWS Health事件查询
workload-detection.md编排上下文识别、问题根因路径定位LB、ASG、ECS、EKS、Batch检测,用于影响范围分析
metrics-performance.md特定资源的指标时序数据查询EC2、Lambda、RDS、SQS、ELB、ECS、DynamoDB的DQL时序查询模式

Best Practices

最佳实践

Query Optimization

查询优化

  1. Filter early by account and region
  2. Use specific entity types (avoid 
    "AWS_*"
    wildcards when possible)
  3. Limit results with 
    | limit N
    for exploration
  4. Use 
    isNotNull()
    checks before accessing nested fields
  1. 优先按账户和区域过滤数据
  2. 使用具体的实体类型(尽可能避免使用
    "AWS_*"
    通配符)
  3. 探索查询时使用
    | limit N
    限制返回结果数量
  4. 访问嵌套字段前先使用
    isNotNull()
    做非空检查

Configuration Parsing

配置解析

  1. Always parse 
    aws.object
    with JSON parser: 
    parse aws.object, "JSON:awsjson"
  2. Use consistent field naming: 
    fieldsAdd configField = awsjson[configuration][field]
  3. Check for null values after parsing
  4. Use 
    toString()
    for complex nested objects
  1. 始终使用JSON解析器解析
    aws.object
    parse aws.object, "JSON:awsjson"
  2. 使用统一的字段命名规则:
    fieldsAdd configField = awsjson[configuration][field]
  3. 解析后检查空值
  4. 复杂嵌套对象使用
    toString()
    转换

Security Fields

安全字段处理

  1. Security group IDs are arrays - use 
    contains()
    or 
    expand
  2. Parse 
    aws.object
    for detailed security context
  3. Check 
    publiclyAccessible
    , 
    storageEncrypted
    , and similar flags
  1. 安全组ID是数组类型——使用
    contains()
    expand
    处理
  2. 解析
    aws.object
    获取详细安全上下文
  3. 检查
    publiclyAccessible
    storageEncrypted
    等相关标识

Tagging Strategy

标签策略

  1. Use 
    tags[TagName]
    for filtering
  2. Check 
    arraySize(tags)
    for untagged resources
  3. Track tag coverage with summarize operations
  1. 使用
    tags[TagName]
    做过滤
  2. 使用
    arraySize(tags)
    检查未打标签的资源
  3. 使用summarize操作统计标签覆盖率

Limitations and Notes

限制与注意事项

Smartscape Limitations

Smartscape限制

  • AWS object configuration requires parsing with 
    parse aws.object, "JSON:awsjson"
  • AWS metrics are available as Dynatrace metrics using the 
    cloud.aws.*
    naming convention (see AWS Metric Naming Convention)
  • Resource discovery depends on AWS integration configuration
  • Tag synchronization may have slight delays
  • AWS对象配置需要使用
    parse aws.object, "JSON:awsjson"
    解析
  • AWS指标以
    cloud.aws.*
    命名规范作为Dynatrace指标提供(参考AWS指标命名规范
  • 资源发现依赖AWS集成配置
  • 标签同步可能存在轻微延迟

Relationship Traversal

关系遍历

  • Use 
    direction:backward
    for reverse relationships (e.g., target group → load balancer)
  • Use 
    fieldsKeep
    to maintain important fields through traversal
  • Access traversal history with 
    dt.traverse.history[-N]
  • Complex topologies may require multiple traverse operations
  • 反向关系使用
    direction:backward
    (例如:目标组 → 负载均衡)
  • 使用
    fieldsKeep
    在遍历过程中保留重要字段
  • 使用
    dt.traverse.history[-N]
    访问遍历历史
  • 复杂拓扑可能需要多次遍历操作

General Tips

通用提示

  • Use 
    getNodeName()
    for human-readable resource names
  • Handle null values gracefully with 
    isNotNull()
    and 
    isNull()
  • Combine region and account filters for large environments
  • Use 
    countDistinct()
    for unique resource counts
  • 使用
    getNodeName()
    获取人类可读的资源名称
  • 使用
    isNotNull()
    isNull()
    优雅处理空值
  • 大规模环境下组合区域和账户过滤条件
  • 使用
    countDistinct()
    统计唯一资源数量