# Connecting to Dynatrace
<a name="connecting-to-data-dynatrace"></a>

Dynatrace is a platform that offers analytics and automation for comprehensive observability and security. It specializes in monitoring and optimizing application performance, infrastructure, and user experience.

**Topics**
+ [AWS Glue support for Dynatrace](dynatrace-support.md)
+ [Policies containing the API operations for creating and using connections](dynatrace-configuring-iam-permissions.md)
+ [Configuring Dynatrace](dynatrace-configuring.md)
+ [Configuring Dynatrace connections](dynatrace-configuring-connections.md)
+ [Reading from Dynatrace entities](dynatrace-reading-from-entities.md)
+ [Dynatrace connection options](dynatrace-connection-options.md)
+ [Dynatrace limitations](dynatrace-connection-limitations.md)

# AWS Glue support for Dynatrace
<a name="dynatrace-support"></a>

AWS Glue supports Dynatrace as follows:

**Supported as a source?**  
Yes. You can use AWS Glue ETL jobs to query data from Dynatrace.

**Supported as a target?**  
No.

**Supported Dynatrace API versions**  
The following Dynatrace API versions are supported:
+ v2

# Policies containing the API operations for creating and using connections
<a name="dynatrace-configuring-iam-permissions"></a>

The following sample policy describes the required AWS IAM permissions for creating and using connections. If you are creating a new role, create a policy that contains the following:

------
#### [ JSON ]

****  

```
{
  "Version":"2012-10-17",		 	 	 
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "glue:ListConnectionTypes",
        "glue:DescribeConnectionType",
        "glue:RefreshOAuth2Tokens",
        "glue:ListEntities",
        "glue:DescribeEntity"
      ],
      "Resource": "*"
    }
  ]
}
```

------

If you don't want to use the above method, alternatively use the following managed IAM policies:
+ [AWSGlueServiceRole](https://console.aws.amazon.com/iam/home#policies/arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole) – Grants access to resources that various AWS Glue processes require to run on your behalf. These resources include AWS Glue, Amazon S3, IAM, CloudWatch Logs, and Amazon EC2. If you follow the naming convention for resources specified in this policy, AWS Glue processes have the required permissions. This policy is typically attached to roles specified when defining crawlers, jobs, and development endpoints.
+ [AWSGlueConsoleFullAccess](https://console.aws.amazon.com/iam/home#policies/arn:aws:iam::aws:policy/AWSGlueConsoleFullAccess) – Grants full access to AWS Glue resources when an identity that the policy is attached to uses the AWS Management Console. If you follow the naming convention for resources specified in this policy, users have full console capabilities. This policy is typically attached to users of the AWS Glue console.

# Configuring Dynatrace
<a name="dynatrace-configuring"></a>

Before you can use AWS Glue to transfer data from Dynatrace, you must meet these requirements:

## Minimum requirements
<a name="dynatrace-configuring-min-requirements"></a>

The following are minimum requirements:
+ You have a Dynatrace account.
+ You have generated an Access Token in your Dynatrace account with the appropriate read/write scope assigned to access the APIs. For more information, see [Generate a token](https://docs.dynatrace.com/docs/discover-dynatrace/references/dynatrace-api/basics/dynatrace-api-authentication#create-token).

If you meet these requirements, you’re ready to connect AWS Glue to your Dynatrace account.

# Configuring Dynatrace connections
<a name="dynatrace-configuring-connections"></a>

Dynatrace supports custom authentication.

To configure a Dynatrace connection:

1. In AWS Secrets Manager, create a secret with the following details:

   1. For the customer managed connected app, the Secret should contain the connected app API key with `apiToken` as key.

   1. Note: you must create a secret for your connections in AWS Glue.

1. In AWS Glue Glue Studio, create a connection under **Data Connections** by following the steps below:

   1. When selecting a **Data Source**, select Dynatrace.

   1. Provide the `INSTANCE_URL` of the Dynatrace account you want to connect to.

   1. Select the AWS IAM role which AWS Glue can assume and has permissions for following actions:

------
#### [ JSON ]

****  

      ```
      {
        "Version":"2012-10-17",		 	 	 
        "Statement": [
          {
            "Effect": "Allow",
            "Action": [
              "secretsmanager:DescribeSecret",
              "secretsmanager:GetSecretValue",
              "secretsmanager:PutSecretValue",
              "ec2:CreateNetworkInterface",
              "ec2:DescribeNetworkInterfaces",
              "ec2:DeleteNetworkInterface"
            ],
            "Resource": "*"
          }
        ]
      }
      ```

------

   1. Select the `secretName` which you want to use for this connection in AWS Glue to put the tokens.

   1. Select the network options if you want to use your network.

1. Grant the IAM role associated with your AWS Glue job permission to read `secretName`.

# Reading from Dynatrace entities
<a name="dynatrace-reading-from-entities"></a>

**Prerequisite**

A Dynatrace object you would like to read from. You will need the object name such as "problem".

**Supported entities for source**:


| Entity | Can be filtered | Supports limit | Supports Order by | Supports Select \$1 | Supports partitioning | 
| --- | --- | --- | --- | --- | --- | 
| Problem | Yes | Yes | Yes | Yes | No | 

**Example**:

```
Dynatrace_read = glueContext.create_dynamic_frame.from_options(
    connection_type="Dynatrace",
    connection_options={
        "connectionName": "connectionName",
        "ENTITY_NAME": "problem",
        "API_VERSION": "v2",
        "INSTANCE_URL": "https://[instanceName].live.dynatrace.com"
    }
```

**Dynatrace entity and field details**:

Dynatrace provides endpoints to fetch metadata dynamically for supported entities. Accordingly, operator support is captured at the datatype level.

[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/glue/latest/dg/dynatrace-reading-from-entities.html)

## Partitioning queries
<a name="dynatrace-reading-partitioning-queries"></a>

Dynatrace doesn’t support field based or record based partitioning.

# Dynatrace connection options
<a name="dynatrace-connection-options"></a>

The following are connection options for Dynatrace:
+ `ENTITY_NAME`(String) - (Required) Used for Read. The name of your object in Dynatrace.
+ `API_VERSION`(String) - (Required) Used for Read. Dynatrace Rest API version you want to use.
+ `INSTANCE_URL`(String) - Used for Read. A valid Dynatrace instance URL.
+ `SELECTED_FIELDS`(List<String>) - Default: empty(SELECT \$1). Used for Read. Columns you want to select for the object.
+ `FILTER_PREDICATE`(String) - Default: empty. Used for Read. It should be in the Spark SQL format.
+ `QUERY`(String) - Default: empty. Used for Read. Full Spark SQL query.

# Dynatrace limitations
<a name="dynatrace-connection-limitations"></a>

The following are limitations or notes for Dynatrace:
+ Dynatrace doesn’t support either field based or record based partitioning.
+ For the Select All feature, if you provide the "field" in the filter then it will not allow records to be more then 10 per page.
+ The maximum page size supported is 500. If you select any of the [`evidenceDetails, impactAnalysis, recentComments`] fields while creating the flow then records per page will be defaulted to 10.