Configuring the RDS CloudWatch metric collection roles

This guide explains how to collect data in database monitoring by granting the RDS CloudWatch metric collection role to the EC2 instance, without using the ARN value of the IAM role.

Configuration through AWS CloudFormation

The AWS CloudFormation template provided by WhaTap automatically creates the AWS IAM policy, the role, and the AWS EC2 instance profile.

  1. Click the following link. Creating the stack generates the instance profile.

    RDS roles installation page
  2. In EC2 > Instances, select an instance in which the DB agent has been installed, and then select Actions > Security > Modify IAM role.

  3. In EC2 > Instances > Modify IAM role, enter the created IAM Role or Instance Profile Name.

    Default values: Role (WhaTapRDSCloudWatchMetricRole), InstanceProfile (WhaTapRDSCloudWatchMetricProfile)

Configuration through the AWS console

The following explains how to create an AWS IAM policy and roles through the AWS console.

Creation of AWS IAM policy

  1. Go to IAM > Policies and then select Create Policy.

  2. Select JSON as the configuration method, enter the following, and then select Next.

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "ec2:DescribeInstanceTypes",
            "elasticache:DescribeCacheClusters",
            "cloudwatch:GetMetricStatistics",
            "cloudwatch:ListMetrics"
          ],
          "Resource": "*"
        },
        {
          "Effect": "Allow",
          "Action": [
            "rds:DownloadDBLogFilePortion",
            "rds:DescribeDBInstances",
            "rds:DescribeDBLogFiles",
            "rds:DescribeDBClusters"
          ],
          "Resource": [
            "arn:aws:rds:*:{AWS::ACCOUNT}:db:*",
            "arn:aws:rds:*:{AWS::ACCOUNT}:cluster:*"
          ]
        }
      ]
    }

  3. Enter the policy name and then select Create Policy.
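
A check that can be run before pasting the policy into the console, added here as an example and not part of WhaTap's documentation or tooling: it substitutes a 12-digit account ID for the `{AWS::ACCOUNT}` placeholder and reports where a candidate policy is broader than the one above. The function names are hypothetical, and any account ID passed in (for instance 123456789012) is a constructed sample value.

```python
import json
import re

# Policy text as given on this page; {AWS::ACCOUNT} is the page's placeholder.
POLICY_TEMPLATE = """
{"Version": "2012-10-17", "Statement": [
 {"Effect": "Allow",
  "Action": ["ec2:DescribeInstanceTypes", "elasticache:DescribeCacheClusters",
             "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics"],
  "Resource": "*"},
 {"Effect": "Allow",
  "Action": ["rds:DownloadDBLogFilePortion", "rds:DescribeDBInstances",
             "rds:DescribeDBLogFiles", "rds:DescribeDBClusters"],
  "Resource": ["arn:aws:rds:*:{AWS::ACCOUNT}:db:*",
               "arn:aws:rds:*:{AWS::ACCOUNT}:cluster:*"]}]}
"""

def render_policy(account_id):
    """Substitute the 12-digit account ID for the {AWS::ACCOUNT} placeholder."""
    if not re.fullmatch(r"\d{12}", account_id):
        raise ValueError("AWS account ID must be exactly 12 digits")
    return json.loads(POLICY_TEMPLATE.replace("{AWS::ACCOUNT}", account_id))

def as_list(value):
    """IAM allows Action and Resource to be a string or a list of strings."""
    return [value] if isinstance(value, str) else list(value)

def audit_policy(policy, account_id):
    """Return findings where a policy is broader than the one on this page."""
    allowed = {a for s in render_policy(account_id)["Statement"]
               for a in as_list(s["Action"])}
    findings = []
    for i, stmt in enumerate(policy["Statement"]):
        actions = as_list(stmt["Action"])
        for action in actions:
            if "*" in action:
                findings.append(f"statement {i}: wildcard action {action}")
            elif action not in allowed:
                findings.append(f"statement {i}: extra action {action}")
        if any(a.startswith("rds:") for a in actions):
            for arn in as_list(stmt["Resource"]):
                # ARN fields: arn:partition:service:region:account:resource
                parts = arn.split(":")
                if len(parts) < 6 or parts[2] != "rds" or parts[4] != account_id:
                    findings.append(f"statement {i}: RDS resource not scoped "
                                    f"to account {account_id}: {arn}")
    return findings
```

An empty list from `audit_policy` means the candidate grants nothing beyond the read-only actions listed above and keeps the RDS statement scoped to the given account.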

Creation of AWS IAM roles

  1. Go to IAM > Roles and then select Create Role.

  2. In the Select trusted entity step, select AWS Service and EC2 as trusted entity types.

  3. In the Add permissions step, select the created policy.

  4. In the Name, review, and create step, enter the name and description and then select Create role.

Modification of the AWS IAM role

  1. In EC2 > Instances, select an instance in which the DB agent has been installed, and then select Actions > Security > Modify IAM role.

  2. In EC2 > Instances > Modify IAM role, enter the created IAM Role.

Agent configuration

In the whatap.conf file, set the options that specify which metrics to query. The aws_arn option is optional.

whatap.conf
cloud_watch=on
#aws_region=ap-northeast-2
#aws_arn=arn:aws:iam::649024405358:role/rds-monitoring-role
cloud_watch_metrics=CPUUtilization,FreeableMemory,FreeStorageSpace,NetworkTransmitThroughput,NetworkReceiveThroughput
cloud_watch_instance=mysql-rds