dt-obs-aws

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

AWS Cloud Infrastructure

AWS云基础设施

Monitor and analyze AWS resources using Dynatrace Smartscape and DQL. Query AWS services, optimize costs, manage security, and plan capacity across your AWS infrastructure.

使用Dynatrace Smartscape和DQL监控分析AWS资源，可查询AWS服务、优化成本、管理安全，并对整个AWS基础设施做容量规划。

When to Use This Skill

适用场景

Use this skill when the user needs to work with AWS resources in Dynatrace. Load the reference file for the task type:

Task	File to load
Inventory and topology queries	(no additional file — use core patterns above)
Query AWS metric timeseries (CPU, errors, latency)	Load `references/metrics-performance.md`
VPC topology, security groups, subnet analysis	Load `references/vpc-networking-security.md`
RDS, DynamoDB, ElastiCache investigation	Load `references/database-monitoring.md`
Lambda, ECS, EKS investigation	Load `references/serverless-containers.md`
ALB/NLB topology, API Gateway	Load `references/load-balancing-api.md`
SQS, SNS, EventBridge, MSK	Load `references/messaging-event-streaming.md`
Unattached resources, tag compliance, lifecycle	Load `references/resource-management.md`
Cost savings, unused resources	Load `references/cost-optimization.md`
Capacity headroom, subnet IP, ASG limits	Load `references/capacity-planning.md`
Security audit, encryption, public access	Load `references/security-compliance.md`
SG rule analysis (0.0.0.0/0, open ports)	Load `references/security-compliance.md`
S3 public access, bucket encryption	Load `references/security-compliance.md`
EBS volume encryption audit	Load `references/security-compliance.md`
Cost allocation, chargeback, ownership	Load `references/resource-ownership.md`

当用户需要在Dynatrace中处理AWS资源相关需求时使用本技能。根据任务类型加载对应的参考文件：

任务	需加载的文件
资源清单与拓扑查询	（无需额外文件——使用上方的核心模式即可）
查询AWS指标时序数据（CPU、错误、延迟）	加载 `references/metrics-performance.md`
VPC拓扑、安全组、子网分析	加载 `references/vpc-networking-security.md`
RDS、DynamoDB、ElastiCache排查	加载 `references/database-monitoring.md`
Lambda、ECS、EKS排查	加载 `references/serverless-containers.md`
ALB/NLB拓扑、API Gateway	加载 `references/load-balancing-api.md`
SQS、SNS、EventBridge、MSK	加载 `references/messaging-event-streaming.md`
未关联资源、标签合规、生命周期管理	加载 `references/resource-management.md`
成本节约、闲置资源排查	加载 `references/cost-optimization.md`
容量余量、子网IP、ASG限制检查	加载 `references/capacity-planning.md`
安全审计、加密、公共访问检查	加载 `references/security-compliance.md`
安全组规则分析（0.0.0.0/0、开放端口）	加载 `references/security-compliance.md`
S3公共访问、存储桶加密检查	加载 `references/security-compliance.md`
EBS卷加密审计	加载 `references/security-compliance.md`
成本分摊、费用记账、资源归属	加载 `references/resource-ownership.md`

Core Concepts

核心概念

Entity Types

实体类型

AWS resources use the

AWS_*

prefix and can be queried using the

smartscapeNodes

function. All AWS entities are automatically discovered and modeled in Dynatrace Smartscape.

Compute:

AWS_EC2_INSTANCE

AWS_LAMBDA_FUNCTION

AWS_ECS_CLUSTER

AWS_ECS_SERVICE

AWS_EKS_CLUSTER

Networking:

AWS_EC2_VPC

AWS_EC2_SUBNET

AWS_EC2_SECURITYGROUP

AWS_EC2_NATGATEWAY

AWS_EC2_VPCENDPOINT

Database:

AWS_RDS_DBINSTANCE

AWS_RDS_DBCLUSTER

AWS_DYNAMODB_TABLE

AWS_ELASTICACHE_CACHECLUSTER

Storage:

AWS_S3_BUCKET

AWS_EC2_VOLUME

AWS_EFS_FILESYSTEM

Load Balancing:

AWS_ELASTICLOADBALANCINGV2_LOADBALANCER

AWS_ELASTICLOADBALANCINGV2_TARGETGROUP

Messaging:

AWS_SQS_QUEUE

AWS_SNS_TOPIC

AWS_EVENTS_EVENTBUS

AWS_MSK_CLUSTER

AWS资源使用

AWS_*

前缀，可通过

smartscapeNodes

函数查询。所有AWS实体都会在Dynatrace Smartscape中自动发现并建模。

计算资源：

AWS_EC2_INSTANCE

、

AWS_LAMBDA_FUNCTION

、

AWS_ECS_CLUSTER

、

AWS_ECS_SERVICE

、

AWS_EKS_CLUSTER

网络资源：

AWS_EC2_VPC

、

AWS_EC2_SUBNET

、

AWS_EC2_SECURITYGROUP

、

AWS_EC2_NATGATEWAY

、

AWS_EC2_VPCENDPOINT

数据库资源：

AWS_RDS_DBINSTANCE

、

AWS_RDS_DBCLUSTER

、

AWS_DYNAMODB_TABLE

、

AWS_ELASTICACHE_CACHECLUSTER

存储资源：

AWS_S3_BUCKET

、

AWS_EC2_VOLUME

、

AWS_EFS_FILESYSTEM

负载均衡资源：

AWS_ELASTICLOADBALANCINGV2_LOADBALANCER

、

AWS_ELASTICLOADBALANCINGV2_TARGETGROUP

消息资源：

AWS_SQS_QUEUE

、

AWS_SNS_TOPIC

、

AWS_EVENTS_EVENTBUS

、

AWS_MSK_CLUSTER

Common AWS Fields

通用AWS字段

All AWS entities include:

```
aws.account.id
```
- AWS account identifier
```
aws.region
```
- AWS region (e.g., us-east-1)
```
aws.resource.id
```
- Unique resource identifier
```
aws.resource.name
```
- Resource name
```
aws.arn
```
- Amazon Resource Name
```
aws.vpc.id
```
- VPC identifier (for VPC-attached resources)
```
aws.subnet.id
```
- Subnet identifier
```
aws.availability_zone
```
- Availability zone
```
aws.security_group.id
```
- Security group IDs (array)
```
tags
```
- Resource tags (use
```
tags[TagName]
```
)

所有AWS实体都包含以下字段：

```
aws.account.id
```
- AWS账户标识符
```
aws.region
```
- AWS区域（例如 us-east-1）
```
aws.resource.id
```
- 资源唯一标识符
```
aws.resource.name
```
- 资源名称
```
aws.arn
```
- 亚马逊资源名称（Amazon Resource Name）
```
aws.vpc.id
```
- VPC标识符（适用于挂载到VPC的资源）
```
aws.subnet.id
```
- 子网标识符
```
aws.availability_zone
```
- 可用区
```
aws.security_group.id
```
- 安全组ID（数组类型）
```
tags
```
- 资源标签（使用
```
tags[TagName]
```
访问）

Relationship Types

关系类型

AWS entities use these relationship types:

```
is_attached_to
```
- Exclusive attachment (e.g., volume to instance)
```
uses
```
- Dependency relationship (e.g., instance uses security group)
```
runs_on
```
- Vertical relationship (e.g., instance runs on AZ)
```
is_part_of
```
- Composition (e.g., instance in cluster)
```
belongs_to
```
- Aggregation (e.g., service belongs to cluster)
```
balances
```
- Load balancing (e.g., target group balances instances)
```
balanced_by
```
- Reverse of balances

AWS实体使用以下关系类型：

```
is_attached_to
```
- 独占附属关系（例如：卷挂载到实例）
```
uses
```
- 依赖关系（例如：实例使用安全组）
```
runs_on
```
- 层级关系（例如：实例运行在可用区上）
```
is_part_of
```
- 组成关系（例如：实例属于集群）
```
belongs_to
```
- 聚合关系（例如：服务隶属于集群）
```
balances
```
- 负载均衡关系（例如：目标组分配流量到实例）
```
balanced_by
```
- balances的反向关系

AWS Metric Naming Convention

AWS指标命名规范

Dynatrace ingests AWS metrics and exposes them using this naming pattern:

cloud.aws.<service>.<MetricName>.By.<DimensionName>

The

<service>

is the lowercase AWS service name,

<MetricName>

is the original CloudWatch metric name (case-preserved), and

<DimensionName>

is the CloudWatch dimension used for splitting.

EC2 examples:

CloudWatch metric	Dynatrace metric key
`CPUUtilization` (by InstanceId)	`cloud.aws.ec2.CPUUtilization.By.InstanceId`
`StatusCheckFailed` (by InstanceId)	`cloud.aws.ec2.StatusCheckFailed.By.InstanceId`
`NetworkIn` (by InstanceId)	`cloud.aws.ec2.NetworkIn.By.InstanceId`
`DiskReadOps` (by InstanceId)	`cloud.aws.ec2.DiskReadOps.By.InstanceId`

Other service examples:

CloudWatch metric	Dynatrace metric key
RDS `CPUUtilization` (by DBInstanceIdentifier)	`cloud.aws.rds.CPUUtilization.By.DBInstanceIdentifier`
Lambda `Invocations` (by FunctionName)	`cloud.aws.lambda.Invocations.By.FunctionName`
SQS `ApproximateNumberOfMessagesVisible` (by QueueName)	`cloud.aws.sqs.ApproximateNumberOfMessagesVisible.By.QueueName`
ELB `RequestCount` (by LoadBalancer)	`cloud.aws.elasticloadbalancingv2.RequestCount.By.LoadBalancer`

To query a metric:

dql

timeseries cpu = avg(cloud.aws.ec2.CPUUtilization.By.InstanceId),
           by: {dt.smartscape_source.id},
  from: now()-1h
| limit 10

Important: Never refer to these as "CloudWatch alerts" or "CloudWatch metrics" in output. Dynatrace monitors AWS resources natively through its AWS integration — these are Dynatrace metrics ingested from AWS.

Dynatrace采集AWS指标并按照以下命名模式对外暴露：

cloud.aws.<service>.<MetricName>.By.<DimensionName>

其中

<service>

是小写的AWS服务名称，

<MetricName>

是原始CloudWatch指标名称（保留大小写），

<DimensionName>

是用于拆分数据的CloudWatch维度。

EC2示例：

CloudWatch指标	Dynatrace指标键
`CPUUtilization` (按InstanceId)	`cloud.aws.ec2.CPUUtilization.By.InstanceId`
`StatusCheckFailed` (按InstanceId)	`cloud.aws.ec2.StatusCheckFailed.By.InstanceId`
`NetworkIn` (按InstanceId)	`cloud.aws.ec2.NetworkIn.By.InstanceId`
`DiskReadOps` (按InstanceId)	`cloud.aws.ec2.DiskReadOps.By.InstanceId`

其他服务示例：

CloudWatch指标	Dynatrace指标键
RDS `CPUUtilization` (按DBInstanceIdentifier)	`cloud.aws.rds.CPUUtilization.By.DBInstanceIdentifier`
Lambda `Invocations` (按FunctionName)	`cloud.aws.lambda.Invocations.By.FunctionName`
SQS `ApproximateNumberOfMessagesVisible` (按QueueName)	`cloud.aws.sqs.ApproximateNumberOfMessagesVisible.By.QueueName`
ELB `RequestCount` (按LoadBalancer)	`cloud.aws.elasticloadbalancingv2.RequestCount.By.LoadBalancer`

查询指标的示例：

dql

timeseries cpu = avg(cloud.aws.ec2.CPUUtilization.By.InstanceId),
           by: {dt.smartscape_source.id},
  from: now()-1h
| limit 10

重要提示： 输出中绝对不要将这些称作"CloudWatch告警"或"CloudWatch指标"。Dynatrace通过自身的AWS集成原生监控AWS资源——这些是从AWS采集的Dynatrace指标。

Query Patterns

查询模式

All AWS queries build on four core patterns. Master these and adapt them to any entity type.

所有AWS查询都基于四个核心模式构建，掌握这些模式后可以适配任意实体类型的查询需求。

Pattern 1: Resource Discovery

模式1：资源发现

List resources by type, filter by account/region/VPC/tags, summarize counts:

dql

smartscapeNodes "AWS_*"
| filter aws.account.id == "<AWS_ACCOUNT_ID>" and aws.region == "<AWS_REGION>"
| summarize count = count(), by: {type}
| sort count desc

To list a specific type, replace

"AWS_*"

with the entity type (e.g.,

"AWS_EC2_INSTANCE"

). Add

| fields name, aws.account.id, aws.region, ...

to select specific columns. Use

tags[TagName]

for tag-based filtering.

按类型列出资源，按账户/区域/VPC/标签过滤，汇总统计数量：

dql

smartscapeNodes "AWS_*"
| filter aws.account.id == "<AWS_ACCOUNT_ID>" and aws.region == "<AWS_REGION>"
| summarize count = count(), by: {type}
| sort count desc

如果要列出特定类型的资源，将

"AWS_*"

替换为对应的实体类型（例如

"AWS_EC2_INSTANCE"

）。添加

| fields name, aws.account.id, aws.region, ...

可以选择特定字段。使用

tags[TagName]

可以基于标签过滤。

Pattern 2: Configuration Parsing

模式2：配置解析

Parse

aws.object

JSON for detailed configuration fields:

dql

smartscapeNodes "AWS_RDS_DBINSTANCE"
| parse aws.object, "JSON:awsjson"
| fieldsAdd engine = awsjson[configuration][engine]
| summarize db_count = count(), by: {engine, aws.region}

Common configuration fields by service:

EC2:

instanceType

state[name]

networkInterfaces[0][association][publicIp]

RDS:

engine

multiAZ

publiclyAccessible

storageEncrypted

dbInstanceClass

storageType

EBS:
```
volumeType
```
,
```
size
```
,
```
state
```
Lambda:
```
runtime
```
,
```
memorySize
```
LB:
```
scheme
```
,
```
dnsName
```
KMS:
```
keyState
```
,
```
keyUsage
```
ASG:
```
minSize
```
,
```
maxSize
```
,
```
desiredCapacity
```
Subnet:
```
availableIpAddressCount
```
,
```
cidrBlock
```
S3:
```
versioningConfiguration[status]
```
SG:
```
securityGroups
```
(array, use
```
arraySize()
```
to count)

解析

aws.object

JSON字段获取详细配置信息：

dql

smartscapeNodes "AWS_RDS_DBINSTANCE"
| parse aws.object, "JSON:awsjson"
| fieldsAdd engine = awsjson[configuration][engine]
| summarize db_count = count(), by: {engine, aws.region}

各服务常用配置字段：

EC2:

instanceType

、

state[name]

、

networkInterfaces[0][association][publicIp]

RDS:

engine

、

multiAZ

、

publiclyAccessible

、

storageEncrypted

、

dbInstanceClass

、

storageType

EBS:
```
volumeType
```
、
```
size
```
、
```
state
```
Lambda:
```
runtime
```
、
```
memorySize
```
LB:
```
scheme
```
、
```
dnsName
```
KMS:
```
keyState
```
、
```
keyUsage
```
ASG:
```
minSize
```
、
```
maxSize
```
、
```
desiredCapacity
```
Subnet:
```
availableIpAddressCount
```
、
```
cidrBlock
```
S3:
```
versioningConfiguration[status]
```
SG:
```
securityGroups
```
(数组，使用
```
arraySize()
```
统计数量)

Pattern 3: Relationship Traversal

模式3：关系遍历

Follow relationships between resources:

dql

smartscapeNodes "AWS_ELASTICLOADBALANCINGV2_LOADBALANCER"
| parse aws.object, "JSON:awsjson"
| fieldsAdd dnsName = awsjson[configuration][dnsName], scheme = awsjson[configuration][scheme]
| traverse "balanced_by", "AWS_ELASTICLOADBALANCINGV2_TARGETGROUP", direction:backward, fieldsKeep:{dnsName, id}
| fieldsAdd targetGroupName = aws.resource.name
| traverse "balances", "AWS_EC2_INSTANCE", fieldsKeep: {targetGroupName, id}
| fieldsAdd loadBalancerDnsName = dt.traverse.history[-2][dnsName],
            loadBalancerId = dt.traverse.history[-2][id],
            targetGroupId = dt.traverse.history[-1][id]

Key traversal pairs:

LB → Target Groups:

traverse "balanced_by", "AWS_ELASTICLOADBALANCINGV2_TARGETGROUP", direction:backward

Target Group → Instances:
```
traverse "balances", "AWS_EC2_INSTANCE"
```

Target Group → Lambda Function:

traverse "balances", "AWS_LAMBDA_FUNCTION"

ECS Service → Cluster:

traverse "belongs_to", "AWS_ECS_CLUSTER"

ECS Service → Task Def:

traverse "uses", "AWS_ECS_TASKDEFINITION"

RDS Instance → Cluster:

traverse "is_part_of", "AWS_RDS_DBCLUSTER"

RDS Cluster → KMS Key:
```
traverse "uses", "AWS_KMS_KEY"
```

Instance → SG:

traverse "uses", "AWS_EC2_SECURITYGROUP"

Instance → Availability Zone:

traverse "runs_on", "AWS_AVAILABILITY_ZONE"

Instance → Subnet:

traverse "is_attached_to", "AWS_EC2_SUBNET"

Instance → VPC:

traverse "is_attached_to", "AWS_EC2_VPC"

Instance → Volume:

traverse "is_attached_to", "AWS_EC2_VOLUME", direction: backward

Lambda Function → IAM Role:
```
traverse "uses", "AWS_IAM_ROLE"
```

Lambda Function → Api Gateway V2:

traverse "uses", "AWS_APIGATEWAYV2_INTEGRATION", direction: backward

Instance → HOST:

traverse "runs_on", "HOST", direction: backward

SG blast radius: query instances, traverse to SGs,
```
summarize count(), by: {sg.name}
```
Use
```
fieldsKeep
```
to carry fields through traversals,
```
dt.traverse.history[-N]
```
to access ancestor fields

追踪资源之间的关联关系：

dql

smartscapeNodes "AWS_ELASTICLOADBALANCINGV2_LOADBALANCER"
| parse aws.object, "JSON:awsjson"
| fieldsAdd dnsName = awsjson[configuration][dnsName], scheme = awsjson[configuration][scheme]
| traverse "balanced_by", "AWS_ELASTICLOADBALANCINGV2_TARGETGROUP", direction:backward, fieldsKeep:{dnsName, id}
| fieldsAdd targetGroupName = aws.resource.name
| traverse "balances", "AWS_EC2_INSTANCE", fieldsKeep: {targetGroupName, id}
| fieldsAdd loadBalancerDnsName = dt.traverse.history[-2][dnsName],
            loadBalancerId = dt.traverse.history[-2][id],
            targetGroupId = dt.traverse.history[-1][id]

常用遍历配对：

LB → 目标组：

traverse "balanced_by", "AWS_ELASTICLOADBALANCINGV2_TARGETGROUP", direction:backward

目标组 → 实例：
```
traverse "balances", "AWS_EC2_INSTANCE"
```

目标组 → Lambda函数：

traverse "balances", "AWS_LAMBDA_FUNCTION"

ECS服务 → 集群：

traverse "belongs_to", "AWS_ECS_CLUSTER"

ECS服务 → 任务定义：

traverse "uses", "AWS_ECS_TASKDEFINITION"

RDS实例 → 集群：

traverse "is_part_of", "AWS_RDS_DBCLUSTER"

RDS集群 → KMS密钥：
```
traverse "uses", "AWS_KMS_KEY"
```

实例 → 安全组：

traverse "uses", "AWS_EC2_SECURITYGROUP"

实例 → 可用区：

traverse "runs_on", "AWS_AVAILABILITY_ZONE"

实例 → 子网：

traverse "is_attached_to", "AWS_EC2_SUBNET"

实例 → VPC：

traverse "is_attached_to", "AWS_EC2_VPC"

实例 → 存储卷：

traverse "is_attached_to", "AWS_EC2_VOLUME", direction: backward

Lambda函数 → IAM角色：
```
traverse "uses", "AWS_IAM_ROLE"
```

Lambda函数 → Api Gateway V2：

traverse "uses", "AWS_APIGATEWAYV2_INTEGRATION", direction: backward

实例 → 主机：

traverse "runs_on", "HOST", direction: backward

安全组影响范围： 查询实例，遍历关联安全组，执行
```
summarize count(), by: {sg.name}
```
使用
```
fieldsKeep
```
在遍历过程中保留字段，使用
```
dt.traverse.history[-N]
```
访问上层祖先节点的字段

Pattern 4: Tag-Based Ownership

模式4：基于标签的资源归属

Group resources by any tag for ownership/chargeback:

dql

smartscapeNodes "AWS_*"
| filter isNotNull(tags[<TAG_NAME>])
| summarize resource_count = count(), by: {tags[<TAG_NAME>], type}
| sort resource_count desc

Replace

CostCenter

with any tag:

Owner

Team

Project

Environment

Application

Department

BusinessUnit

. Replace

"AWS_*"

with a specific type to scope to one service.

Find untagged resources:

| filter arraySize(tags) == 0

按任意标签分组资源，用于归属统计/费用分摊：

dql

smartscapeNodes "AWS_*"
| filter isNotNull(tags[<TAG_NAME>])
| summarize resource_count = count(), by: {tags[<TAG_NAME>], type}
| sort resource_count desc

将

CostCenter

替换为任意标签：

Owner

、

Team

、

Project

、

Environment

、

Application

、

Department

、

BusinessUnit

。将

"AWS_*"

替换为特定实体类型可以限定查询范围到单个服务。

查找未打标签的资源：

| filter arraySize(tags) == 0

Reference Guide

参考指南

Load reference files for detailed queries when the core patterns above need service-specific adaptation.

Reference	When to load	Key content
vpc-networking-security.md	VPC topology, security groups, subnets, NAT, VPN, peering	VPC resource mapping, SG blast radius, public IP detection
database-monitoring.md	RDS, DynamoDB, ElastiCache, Redshift	Multi-AZ checks, engine distribution, subnet groups, dependencies
serverless-containers.md	Lambda, ECS, EKS, App Runner	VPC-attached functions, service-to-cluster mapping, container networking
load-balancing-api.md	ALB/NLB topology, API Gateway, CloudFront	LB→TG→Instance traversal, listener config, API stage management
messaging-event-streaming.md	SQS, SNS, EventBridge, Kinesis, MSK	Queue/topic inventory, streaming analysis, name pattern matching
resource-management.md	Resource audits, tag compliance, lifecycle	Unattached resources, deleted resources, tag coverage analysis
cost-optimization.md	Cost savings, unused resources, sizing	EBS costs, instance types, runtime distribution, snapshot analysis
capacity-planning.md	Capacity analysis, scaling, IP utilization	ASG headroom, subnet IP counts, ECS desired vs running
security-compliance.md	Security audits, encryption, public access	SG rule analysis (0.0.0.0/0, open ports), S3 public access block, EBS encryption, SG blast radius, public DB/LB detection, IAM roles
resource-ownership.md	Chargeback, ownership, cost allocation	Tag-based grouping, multi-account summaries
events.md	Load to check Auto Scaling, Health, and CloudFormation events	CloudFormation, Auto Scaling, AWS Health events
workload-detection.md	Load to determine orchestration context and resolution path	LB, ASG, ECS, EKS, Batch detection for blast radius analysis
metrics-performance.md	Load to query metric timeseries for a specific resource	DQL timeseries patterns for EC2, Lambda, RDS, SQS, ELB, ECS, DynamoDB

当上述核心模式需要针对特定服务做适配时，加载对应的参考文件获取详细查询规则。

参考文件	加载时机	核心内容
vpc-networking-security.md	VPC拓扑、安全组、子网、NAT、VPN、对等连接查询	VPC资源映射、安全组影响范围分析、公网IP检测
database-monitoring.md	RDS、DynamoDB、ElastiCache、Redshift查询	多可用区检查、引擎分布统计、子网组分析、依赖关系查询
serverless-containers.md	Lambda、ECS、EKS、App Runner查询	VPC挂载函数统计、服务-集群映射、容器网络分析
load-balancing-api.md	ALB/NLB拓扑、API Gateway、CloudFront查询	LB→TG→实例关系遍历、监听器配置检查、API阶段管理
messaging-event-streaming.md	SQS、SNS、EventBridge、Kinesis、MSK查询	队列/主题清单、流数据分析、名称模式匹配
resource-management.md	资源审计、标签合规、生命周期管理	未关联资源、已删除资源、标签覆盖率分析
cost-optimization.md	成本节约、闲置资源、规格优化	EBS成本分析、实例类型统计、运行时分布、快照分析
capacity-planning.md	容量分析、弹性扩缩容、IP利用率统计	ASG余量、子网IP数量统计、ECS期望实例数与运行实例数对比
security-compliance.md	安全审计、加密检查、公共访问检测	安全组规则分析（0.0.0.0/0、开放端口）、S3公共访问阻断检查、EBS加密检查、安全组影响范围分析、公网数据库/LB检测、IAM角色分析
resource-ownership.md	费用分摊、资源归属、成本分配	基于标签的分组统计、多账户汇总
events.md	自动扩缩容、健康事件、CloudFormation事件检查	CloudFormation、Auto Scaling、AWS Health事件查询
workload-detection.md	编排上下文识别、问题根因路径定位	LB、ASG、ECS、EKS、Batch检测，用于影响范围分析
metrics-performance.md	特定资源的指标时序数据查询	EC2、Lambda、RDS、SQS、ELB、ECS、DynamoDB的DQL时序查询模式

Best Practices

最佳实践

Query Optimization

查询优化

Filter early by account and region
Use specific entity types (avoid
```
"AWS_*"
```
wildcards when possible)
Limit results with
```
| limit N
```
for exploration
Use
```
isNotNull()
```
checks before accessing nested fields

优先按账户和区域过滤数据
使用具体的实体类型（尽可能避免使用
```
"AWS_*"
```
通配符）
探索查询时使用
```
| limit N
```
限制返回结果数量
访问嵌套字段前先使用
```
isNotNull()
```
做非空检查

Configuration Parsing

配置解析

Always parse

aws.object

with JSON parser:

parse aws.object, "JSON:awsjson"

Use consistent field naming:

fieldsAdd configField = awsjson[configuration][field]

Check for null values after parsing
Use
```
toString()
```
for complex nested objects

始终使用JSON解析器解析

aws.object

：

parse aws.object, "JSON:awsjson"

使用统一的字段命名规则：

fieldsAdd configField = awsjson[configuration][field]

解析后检查空值
复杂嵌套对象使用
```
toString()
```
转换

Security Fields

安全字段处理

Security group IDs are arrays - use
```
contains()
```
or
```
expand
```
Parse
```
aws.object
```
for detailed security context
Check
```
publiclyAccessible
```
,
```
storageEncrypted
```
, and similar flags

安全组ID是数组类型——使用
```
contains()
```
或
```
expand
```
处理
解析
```
aws.object
```
获取详细安全上下文
检查
```
publiclyAccessible
```
、
```
storageEncrypted
```
等相关标识

Tagging Strategy

标签策略

Use
```
tags[TagName]
```
for filtering
Check
```
arraySize(tags)
```
for untagged resources
Track tag coverage with summarize operations

使用
```
tags[TagName]
```
做过滤
使用
```
arraySize(tags)
```
检查未打标签的资源
使用summarize操作统计标签覆盖率

Limitations and Notes

限制与注意事项

Smartscape Limitations

Smartscape限制

AWS object configuration requires parsing with
```
parse aws.object, "JSON:awsjson"
```
AWS metrics are available as Dynatrace metrics using the
```
cloud.aws.*
```
naming convention (see AWS Metric Naming Convention)
Resource discovery depends on AWS integration configuration
Tag synchronization may have slight delays

AWS对象配置需要使用
```
parse aws.object, "JSON:awsjson"
```
解析
AWS指标以
```
cloud.aws.*
```
命名规范作为Dynatrace指标提供（参考AWS指标命名规范）
资源发现依赖AWS集成配置
标签同步可能存在轻微延迟

Relationship Traversal

关系遍历

Use
```
direction:backward
```
for reverse relationships (e.g., target group → load balancer)
Use
```
fieldsKeep
```
to maintain important fields through traversal
Access traversal history with
```
dt.traverse.history[-N]
```
Complex topologies may require multiple traverse operations

反向关系使用
```
direction:backward
```
（例如：目标组 → 负载均衡）
使用
```
fieldsKeep
```
在遍历过程中保留重要字段
使用
```
dt.traverse.history[-N]
```
访问遍历历史
复杂拓扑可能需要多次遍历操作

General Tips

通用提示

Use
```
getNodeName()
```
for human-readable resource names
Handle null values gracefully with
```
isNotNull()
```
and
```
isNull()
```
Combine region and account filters for large environments
Use
```
countDistinct()
```
for unique resource counts

使用
```
getNodeName()
```
获取人类可读的资源名称
使用
```
isNotNull()
```
和
```
isNull()
```
优雅处理空值
大规模环境下组合区域和账户过滤条件
使用
```
countDistinct()
```
统计唯一资源数量