Monitoring AWS RDS deployments v1.3.2
You can monitor your Amazon Web Service (AWS) relational database service (RDS) deployments with Hybrid Manager (HM).
Prerequisites
You must have access to the Kubernetes environment where HM resides and also have sufficient administrator privileges to change the settings on the entire HM cluster.
This access requirement is different from other external database monitoring situations with HM, such as self-managed deployments of Postgres, where fewer privileges are required.
You must also ensure that the user credentials stored in the Kubernetes secret (beacon-csp-credentials) have sufficient permissions for the AWS RDS environment being monitored. Without these permissions, the system can't retrieve all available metrics.
To do this, you need to obtain an AWS access key of an IAM user with the following minimal permissions:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowInstanceAndLogDescriptions",
"Effect": "Allow",
"Action": [
"rds:DescribeDBInstances",
"rds:DescribeDBLogFiles"
],
"Resource": [
"arn:aws:rds:*:*:db:*"
]
},
{
"Sid": "AllowMaintenanceDescriptions",
"Effect": "Allow",
"Action": [
"rds:DescribePendingMaintenanceActions"
],
"Resource": "*"
},
{
"Sid": "AllowGettingCloudWatchMetrics",
"Effect": "Allow",
"Action": [
"cloudwatch:GetMetricData"
],
"Resource": "*"
},
{
"Sid": "AllowRDSUsageDescriptions",
"Effect": "Allow",
"Action": [
"rds:DescribeAccountAttributes"
],
"Resource": "*"
},
{
"Sid": "AllowQuotaDescriptions",
"Effect": "Allow",
"Action": [
"servicequotas:GetServiceQuota"
],
"Resource": "*"
},
{
"Sid": "AllowInstanceTypeDescriptions",
"Effect": "Allow",
"Action": [
"ec2:DescribeInstanceTypes"
],
"Resource": "*"
},
{
"Sid": "AllowInstanceFilterByTags",
"Effect": "Allow",
"Action": [
"tag:GetResources"
],
"Resource": "*"
}
]
}Setting up HM agent to monitor AWS RDS deployments on HM
You can set up the agent to monitor all your AWS RDS deployments on HM.
Note
Once you register an RDS region, the system adds every database you have in that RDS region. This can result in several resources being added to your estate. They are all under one project, so you either have access as a user to all the RDS databases or you don't have access to any of them.
Add your
beacon-csp-credentialssecret.Add your
beacon-csp-credentialssecret in your HM Kubernetes cluster'supm-beaconnamespace:kubectl apply -f - <<EOF apiVersion: v1 kind: Secret metadata: name: beacon-csp-credentials namespace: upm-beacon stringData: AWS_ACCESS_KEY_ID: replace_with_your_access_key_id AWS_SECRET_ACCESS_KEY: replace_with_your_secret_access_key AWS_REGION: example-us-east-1 BEACON_PROVIDER_AWS_CONSTANT_REGIONS: example-us-east-1 BEACON_PROVIDER_AWS_CONSTANT_PROJECT_ID: your_project_id BEACON_AGENT_PROVIDERS: appliance,aws BEACON_PROVIDER_AWS_MODE: constant BEACON_PROVIDER_AWS_CONSTANT_SERVICES: rds EOF
Restart the agent and external metrics receiver:
kubectl -n upm-beacon rollout restart deployment upm-beacon-agent-k8s kubectl -n upm-beacon rollout restart deployment upm-beacon-external-metrics-receiver
You now see your AWS RDS deployments on your Estate page. After the databases start populating, you can see five metrics:
CPU
Network throughput
Connections
Disk IOPS
Disk throughput
Disabling AWS RDS monitoring in HM
You can turn off monitoring of your AWS RDS deployments.
Delete your
beacon-csp-credentialssecret:kubectl -n upm-beacon rollout restart deployment upm-beacon-agent-k8s
Restart the agent and external metrics receiver:
kubectl -n upm-beacon rollout restart deployment upm-beacon-agent-k8s kubectl -n upm-beacon rollout restart deployment upm-beacon-external-metrics-receiver
You no longer see your AWS RDS deployments on your estate and are no longer monitoring them with HM.