Setting up and enabling Enhanced Monitoring - Amazon Relational Database Service

Setting up and enabling Enhanced Monitoring

To use Enhanced Monitoring, you must create an IAM role, and then enable Enhanced Monitoring.

Creating an IAM role for Enhanced Monitoring

Enhanced Monitoring requires permission to act on your behalf to send OS metric information to CloudWatch Logs. You grant Enhanced Monitoring permissions using an AWS Identity and Access Management (IAM) role.

Creating the IAM role when you enable Enhanced Monitoring

When you enable Enhanced Monitoring in the RDS console, Amazon RDS can create the required IAM role for you. The role is named rds-monitoring-role. RDS uses this role for the specified DB instance or read replica.

To create the IAM role when enabling Enhanced Monitoring

  1. Follow the steps in Enabling and disabling Enhanced Monitoring.

  2. Set Monitoring Role to Default in the step where you choose a role.

Creating the IAM role before you enable Enhanced Monitoring

You can create the required role before you enable Enhanced Monitoring. When you enable Enhanced Monitoring, specify your new role's name. You must create this required role if you enable Enhanced Monitoring using the AWS CLI or the RDS API.

The user that enables Enhanced Monitoring must be granted the PassRole permission. For more information, see Example 2 in Granting a user permissions to pass a role to an AWS service in the IAM User Guide.

To create an IAM role for Amazon RDS enhanced monitoring

  1. Open the IAM console at https://console.aws.amazon.com.

  2. In the navigation pane, choose Roles.

  3. Choose Create role.

  4. Choose the AWS service tab, and then choose RDS from the list of services.

  5. Choose RDS - Enhanced Monitoring, and then choose Next: Permissions.

  6. Ensure that the Attached permissions policy page shows AmazonRDSEnhancedMonitoringRole, and then choose Next: Tags.

  7. On the Add tags page, choose Next: Review.

  8. For Role Name, enter a name for your role. For example, enter emaccess.

    The trusted entity for your role is the AWS service monitoring.rds.amazonaws.com.

  9. Choose Create role.

Enabling and disabling Enhanced Monitoring

You can enable and disable Enhanced Monitoring using the AWS Management Console, AWS CLI, or RDS API. You choose the RDS instances on which you want to enable Enhanced Monitoring. You can set different granularities for metric collection on each instance.

You can enable Enhanced Monitoring when you create a DB instance or read replica, or when you modify a DB instance. If you modify a DB instance to enable Enhanced Monitoring, you don't need to reboot your DB instance for the change to take effect.

You can enable Enhanced Monitoring in the RDS console when you do one of the following actions:

  • Create a DB instance – You can enable Enhanced Monitoring in the Monitoring section under Additional configuration.

  • Create a read replica – You can enable Enhanced Monitoring in the Monitoring section.

  • Modify a DB instance – You can enable Enhanced Monitoring in the Monitoring section.

To enable Enhanced Monitoring by using the RDS console

  1. Scroll to the Monitoring section.

  2. Choose Enable enhanced monitoring for your DB instance or read replica. To disable Enhanced Monitoring, choose Disable enhanced monitoring.

    
                  Enable Enhanced Monitoring
  3. Set the Monitoring Role property to the IAM role that you created to permit Amazon RDS to communicate with Amazon CloudWatch Logs for you, or choose Default to have RDS create a role for you named rds-monitoring-role.

  4. Set the Granularity property to the interval, in seconds, between points when metrics are collected for your DB instance or read replica. The Granularity property can be set to one of the following values: 1, 5, 10, 15, 30, or 60.

Note

The fastest that the RDS console refreshes is every 5 seconds. If you set the granularity to 1 second in the RDS console, you still see updated metrics only every 5 seconds. You can retrieve 1-second metric updates by using CloudWatch Logs.

To enable Enhanced Monitoring using the AWS CLI, in the following commands, set the --monitoring-interval option to a value other than 0 and set the --monitoring-role-arn option to the role you created in Creating an IAM role for Enhanced Monitoring.

The --monitoring-interval option specifies the interval, in seconds, between points when Enhanced Monitoring metrics are collected. Valid values for the option are 0, 1, 5, 10, 15, 30, and 60.

To disable Enhanced Monitoring using the AWS CLI, set the --monitoring-interval option to 0 in the these commands.

Example

The following example enables Enhanced Monitoring for a DB instance:

For Linux, macOS, or Unix:

aws rds modify-db-instance \ --db-instance-identifier mydbinstance \ --monitoring-interval 30 \ --monitoring-role-arn arn:aws:iam::123456789012:role/emaccess

For Windows:

aws rds modify-db-instance ^ --db-instance-identifier mydbinstance ^ --monitoring-interval 30 ^ --monitoring-role-arn arn:aws:iam::123456789012:role/emaccess

To enable Enhanced Monitoring using the RDS API, set the MonitoringInterval parameter to a value other than 0 and set the MonitoringRoleArn parameter to the role you created in Creating an IAM role for Enhanced Monitoring. Set these parameters in the following actions:

The MonitoringInterval parameter specifies the interval, in seconds, between points when Enhanced Monitoring metrics are collected. Valid values are 0, 1, 5, 10, 15, 30, and 60.

To disable Enhanced Monitoring using the RDS API, set MonitoringInterval to 0.