Monitoring AWS RDS deployments Innovation Release
- Hybrid Manager dual release strategy
- Documentation for the current Long-term support release
You can monitor your Amazon Web Service (AWS) Relational Database Service (RDS) deployments with Hybrid Manager (HM).
Prerequisites
You must have access to the Kubernetes environment where HM resides and also have sufficient administrator privileges to change the settings on the entire HM cluster.
This access requirement is different from other external database monitoring situations with HM, such as self-managed deployments of Postgres, where fewer privileges are required.
You must also ensure that the user credentials stored in a Kubernetes secret, for example example-beacon-csp-credentials, have sufficient permissions for the AWS RDS environment being monitored. Without these permissions, the system can't retrieve all available metrics.
To do this, you need to obtain an AWS access key of an IAM user with the following minimal permissions:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowInstanceAndLogDescriptions",
"Effect": "Allow",
"Action": [
"rds:DescribeDBInstances",
"rds:DescribeDBLogFiles"
],
"Resource": [
"arn:aws:rds:*:*:db:*"
]
},
{
"Sid": "AllowMaintenanceDescriptions",
"Effect": "Allow",
"Action": [
"rds:DescribePendingMaintenanceActions"
],
"Resource": "*"
},
{
"Sid": "AllowGettingCloudWatchMetrics",
"Effect": "Allow",
"Action": [
"cloudwatch:GetMetricData"
],
"Resource": "*"
},
{
"Sid": "AllowRDSUsageDescriptions",
"Effect": "Allow",
"Action": [
"rds:DescribeAccountAttributes"
],
"Resource": "*"
},
{
"Sid": "AllowQuotaDescriptions",
"Effect": "Allow",
"Action": [
"servicequotas:GetServiceQuota"
],
"Resource": "*"
},
{
"Sid": "AllowInstanceTypeDescriptions",
"Effect": "Allow",
"Action": [
"ec2:DescribeInstanceTypes"
],
"Resource": "*"
},
{
"Sid": "AllowInstanceFilterByTags",
"Effect": "Allow",
"Action": [
"tag:GetResources"
],
"Resource": "*"
}
]
}Setting up EDB Postgres AI agent to monitor AWS RDS deployments on HM
You can set up the agent to monitor all your AWS RDS deployments on HM.
Note
Once you register an RDS region, the system adds every database you have in that RDS region. This can result in several resources being added to your estate. They are all under one project, so you either have access as a user to all the RDS databases or you don't have access to any of them.
Add your
example-beacon-csp-credentialssecret.Add your
example-beacon-csp-credentialssecret in your HM Kubernetes cluster'supm-beaconnamespace.Example
yamlsample:kubectl apply -f - <<EOF apiVersion: v1 kind: Secret metadata: name: example-beacon-csp-credentials namespace: upm-beacon stringData: AWS_ACCESS_KEY_ID: <your_access_key_id> AWS_SECRET_ACCESS_KEY: <your_secret_access_key> AWS_SESSION_TOKEN: <your_session_token> AWS_REGION: example-us-east-1 BEACON_PROVIDER_AWS_CONSTANT_REGIONS: example-us-east-1 BEACON_PROVIDER_AWS_CONSTANT_PROJECT_ID: <your_project_id> BEACON_AGENT_PROVIDERS: appliance,aws BEACON_PROVIDER_AWS_MODE: constant BEACON_PROVIDER_AWS_CONSTANT_SERVICES: rds EOFRestart the agent and external metrics receiver:
kubectl -n upm-beacon rollout restart deployment upm-beacon-agent-k8s kubectl -n upm-beacon rollout restart deployment upm-beacon-external-metrics-receiver
You now see your AWS RDS deployments on your Estate page. After the databases start populating, you can see five metrics:
CPU
Network throughput
Connections
Disk IOPS
Disk throughput
Disabling AWS RDS monitoring in HM
You can turn off monitoring of your AWS RDS deployments.
Delete your
beacon-csp-credentialssecret:kubectl -n upm-beacon delete secret beacon-csp-credentials
Restart the agent and external metrics receiver:
kubectl -n upm-beacon rollout restart deployment upm-beacon-agent-k8s kubectl -n upm-beacon rollout restart deployment upm-beacon-external-metrics-receiver
You no longer see your AWS RDS deployments on your estate and are no longer monitoring them with HM.