Setting Up
AWS Pre-Configuration
Monitoring AWS hosts requires the agent to be provided with an AWS Identity and Access Management (IAM) user. That user should have sufficient privileges to access instance metadata and to read metrics through CloudWatch. The steps below outline how to set this up. Skip any steps in user or RDS configuration that were previously completed. For additional information, refer to the complete AWS IAM Documentation and RDS Documentation.
IAM User Setup
- Using the IAM service, create an IAM user
- Create a name for the user and select the “Programmatic access” option (uses an access key ID and secret access key). Save these keys, as they are used later for configuring the agent.
- When configuring permissions, select the “Attach existing policies directly” option, then search for and add the following permissions:
  - CloudWatchReadOnlyAccess
  - AmazonEC2ReadOnlyAccess
  - AmazonRDSReadOnlyAccess
- Finish creating or modifying the user
RDS Enhanced Monitoring Configuration
Enhanced monitoring is supported for all RDS database types except for SQL Server. AWS MS-SQL will be supported in an upcoming release. Enabling enhanced monitoring allows the collection of more detailed metrics for CPU, memory, network, and disk utilization, as well as tasks and processes. The agent automatically detects whether enhanced monitoring is enabled for a database, though an agent restart may be necessary if enhanced monitoring is enabled while the agent is running.
- Create or modify an RDS instance
- In the Additional Configuration > Monitoring section, check the “Enable Enhanced monitoring” box
- For the Monitoring Role dropdown, select either an IAM role that has the AmazonRDSEnhancedMonitoringRole permission or “default,” in which case AWS will automatically create rds-monitoring-role and assign it to the database. This role allows the DB instance to publish metrics to the CloudWatch Logs service and can be used for all instances where enhanced monitoring is enabled.
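
A pre-flight check for both procedures above (IAM User Setup and RDS Enhanced Monitoring Configuration), added here as an example and not part of the agent or the original page: it reads saved AWS CLI JSON output and reports which of the three listed policies are missing, which policies go beyond that list, and which instances have enhanced monitoring on. The function names and the sample data are constructed for illustration.

```python
import json

# Managed policies the IAM User Setup steps attach to the monitoring user.
REQUIRED = {"CloudWatchReadOnlyAccess", "AmazonEC2ReadOnlyAccess",
            "AmazonRDSReadOnlyAccess"}

def audit_user_policies(attached_json, inline_json):
    """attached_json: `aws iam list-attached-user-policies --user-name <user>`
    inline_json: `aws iam list-user-policies --user-name <user>`
    Policies inherited from IAM groups are not covered by these two calls."""
    attached = {p["PolicyName"]
                for p in json.loads(attached_json)["AttachedPolicies"]}
    inline = set(json.loads(inline_json)["PolicyNames"])
    return {"missing": sorted(REQUIRED - attached),   # agent will lack data
            "extra": sorted((attached - REQUIRED) | inline)}  # beyond the list

def audit_enhanced_monitoring(db_json):
    """db_json: `aws rds describe-db-instances`. Sorts instances by state."""
    report = {"enabled": [], "disabled": [], "unsupported": []}
    for db in json.loads(db_json)["DBInstances"]:
        if db["Engine"].startswith("sqlserver"):
            state = "unsupported"          # SQL Server is excluded on this page
        elif db.get("MonitoringInterval", 0) > 0 and db.get("MonitoringRoleArn"):
            state = "enabled"
        else:
            state = "disabled"             # MonitoringInterval 0 means off
        report[state].append(db["DBInstanceIdentifier"])
    return report

# Constructed sample CLI output (not from a real account).
SAMPLE_ATTACHED = json.dumps({"AttachedPolicies": [
    {"PolicyName": "CloudWatchReadOnlyAccess"},
    {"PolicyName": "AmazonEC2ReadOnlyAccess"},
    {"PolicyName": "AmazonS3FullAccess"}]})
SAMPLE_INLINE = json.dumps({"PolicyNames": ["legacy-inline"]})
SAMPLE_DBS = json.dumps({"DBInstances": [
    {"DBInstanceIdentifier": "orders-pg", "Engine": "postgres",
     "MonitoringInterval": 60,
     "MonitoringRoleArn": "arn:aws:iam::123456789012:role/rds-monitoring-role"},
    {"DBInstanceIdentifier": "cache-mysql", "Engine": "mysql",
     "MonitoringInterval": 0},
    {"DBInstanceIdentifier": "erp-mssql", "Engine": "sqlserver-se",
     "MonitoringInterval": 0}]})

if __name__ == "__main__":
    print(audit_user_policies(SAMPLE_ATTACHED, SAMPLE_INLINE))
    print(audit_enhanced_monitoring(SAMPLE_DBS))
```

An empty "extra" list means the user holds only the three read-only policies; anything listed there is privilege the agent does not need.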