Applying access control for teams using Dynatrace Management Zones
To apply access control for teams using Dynatrace Management Zones with Pulumi, you would typically create a `ManagementZone` resource. This resource allows you to define management zones in Dynatrace, which are used to partition and control access to your monitoring data. By defining such zones, you can restrict access so that teams only see the data relevant to them.
The `ManagementZone` resource has several properties that can be set: the name of the zone, the rules that define the conditions under which entities (hosts, services, applications, etc.) are included in the zone, and a description of the management zone for clarity.
Below is a Pulumi program in TypeScript that demonstrates how to create a simple management zone in Dynatrace. In this case, we are creating a zone that includes entities based on the presence of a specific tag. This sort of configuration is common when you want to create separate monitoring views for different teams based on tags that represent team ownership, environment type, etc.
Before you run this code, ensure you have set up your Pulumi environment with the appropriate Dynatrace provider configuration (which may include setting your API token and environment ID).
Here's a detailed Pulumi program:
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as dynatrace from "@pulumi/dynatrace";

// Create a new Management Zone for a team
const teamManagementZone = new dynatrace.ManagementZone("teamManagementZone", {
    name: "Team A Management Zone",
    description: "This management zone is designated for Team A only",
    // Define rules to include entities in this zone based on a tag 'team' with the value 'team-a'
    rules: [{
        type: "SERVICE",
        enabled: true,
        conditions: [{
            key: {
                attribute: "TAG",
                type: "STATIC",
            },
            value: {
                key: "team",
                value: "team-a",
                context: "CONTEXTLESS",
            },
            operator: "EQUALS",
            negate: false,
        }]
    }],
});

// Output the ID of the Management Zone we've just created for further reference
export const managementZoneId = teamManagementZone.id;
```
This program starts by importing the Pulumi SDK and the Dynatrace provider. It then creates a new `dynatrace.ManagementZone` resource named `teamManagementZone`. We assign it a human-readable name and a description to make its purpose clear. The `rules` array specifies the condition that entities must meet to be included in this zone. In this example, all services that have the tag `team` equal to `team-a` would be included in "Team A Management Zone."
After running `pulumi up` with this program, Pulumi will create a new management zone in your Dynatrace environment.
Make sure you explore the Dynatrace documentation for Management Zones to see all the possible conditions and rules you can apply when creating a management zone: `dynatrace.ManagementZone`.
Don't forget to replace the tag keys and values with those that match your environment and requirements. The management zone will then reflect the services associated with those tags, providing controlled access for your teams.
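A pre-deployment check on the tag partition described above, added here as an illustration (it is not part of the original program and not Dynatrace's rule engine): it models only the TAG / EQUALS condition and reports entities that no zone selects and entities that more than one zone selects. The types, the `tagZone` helper, the second zone and the sample entities are assumptions.

```typescript
// Simplified model of the rule shape in the program above. Assumption: only the
// TAG / EQUALS condition is modelled and tag context is ignored.
interface Tag { key: string; value: string; }
interface Entity { name: string; type: string; tags: Tag[]; }
interface Condition { value: Tag; operator: "EQUALS"; negate: boolean; }
interface Rule { type: string; enabled: boolean; conditions: Condition[]; }
interface Zone { name: string; rules: Rule[]; }
interface Audit { unassigned: string[]; shared: string[]; }

function conditionMatches(entity: Entity, c: Condition): boolean {
  const hasTag = entity.tags.some(t => t.key === c.value.key && t.value === c.value.value);
  return c.negate ? !hasTag : hasTag;
}

// An entity is in a zone when an enabled rule for its type has every condition met.
function inZone(entity: Entity, zone: Zone): boolean {
  return zone.rules.some(r =>
    r.enabled && r.type === entity.type &&
    r.conditions.every(c => conditionMatches(entity, c)));
}

// unassigned: entities no zone selects; shared: entities more than one zone selects.
function auditZones(entities: Entity[], zones: Zone[]): Audit {
  const audit: Audit = { unassigned: [], shared: [] };
  entities.forEach(e => {
    const hits = zones.filter(z => inZone(e, z)).length;
    if (hits === 0) audit.unassigned.push(e.name);
    if (hits > 1) audit.shared.push(e.name);
  });
  return audit;
}

// Hypothetical helper: one SERVICE rule on team=<team>, as in the program above.
function tagZone(name: string, team: string): Zone {
  const condition: Condition = { value: { key: "team", value: team }, operator: "EQUALS", negate: false };
  return { name, rules: [{ type: "SERVICE", enabled: true, conditions: [condition] }] };
}

// Constructed sample data: the Team B zone and all entities are made up.
const sampleZones: Zone[] = [tagZone("Team A Management Zone", "team-a"), tagZone("Team B Management Zone", "team-b")];
const teamA: Tag = { key: "team", value: "team-a" }, teamB: Tag = { key: "team", value: "team-b" };
const sampleEntities: Entity[] = [
  { name: "checkout", type: "SERVICE", tags: [teamA] },
  { name: "billing", type: "SERVICE", tags: [teamB] },
  { name: "gateway", type: "SERVICE", tags: [teamA, teamB] }, // tagged for both teams
  { name: "legacy-batch", type: "SERVICE", tags: [] },         // never tagged
  { name: "host-01", type: "HOST", tags: [teamA] },            // rule only covers SERVICE
];
console.log(auditZones(sampleEntities, sampleZones));
```

On the sample data, `legacy-batch` and `host-01` land in no zone and `gateway` lands in both, which are the cases to resolve before relying on the zones to separate teams.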