Monitoring AWS resources in EDB Postgres AI

Overview

Setting up the EDB Postgres® AI Console to monitor your RDS instances and S3 buckets on AWS involves adding a specific policiy and role in AWS. Once these are configured, you need to enter the role ARN of the newly created role into the Cloud Hosted Databases UI, accessible via the Estate page in the EDB Postgres AI Console.

Using this role ARN and a custom policy, the EDB Postgres AI server will have access to the RDS and S3 information in your AWS account.

After providing the role ARN in the Cloud Hosted Databases UI, you will see the selected AWS resources (RDS instances and/or S3 buckets) in the chosen AWS regions on your Estate page in the Cloud Hosted Databases section.

Setting up monitoring of AWS resources in EDB Postgres AI Estate

Starting the Cloud Hosted Databases UI

1. Go to EDB Postgres AI Console.

2. Scroll down to the Cloud Hosted Databases section, select the Manage Access button, and choose your project.

3. The Cloud Hosted Databases UI shows Step 1 - Create custom policy.

Creating the AWS custom policy

4. Go to the console of your AWS account with the RDS instances and S3 buckets you want to monitor.

5. Navigate to IAM, and in the navigation pane on the left side of the AWS console, select Policies.

6. On the Policies dashboard page, select the Create policy button.

7. In the Policy editor section, choose the JSON option.

8. Type or paste the following JSON policy document into the JSON editor:

   Toggle WrapCopy

   {
     "Version": "2012-10-17",
     "Statement": [
       {
         "Sid": "VisualEditor0",
         "Effect": "Allow",
         "Action": [
           "rds:DescribeDBInstances",
           "s3:ListAllMyBuckets",
           "rds:DescribeDBClusters"
         ],
         "Resource": "*"
       }
     ]
   }

9. Select Next, give the policy a name, for example, edb-postgres-ai-addon-policy and select Create Policy. This policy allows EDB Postgres AI server to query metadata of your AWS RDS and S3 services.

Creating the AWS role

10. Next, in the Cloud Hosted Databases UI, select the Next: Create a Role button. The Cloud Hosted Databases UI should now show Step 2 - Create a Role.

11. Go to the AWS console UI, and in the left-hand navigation pane, choose Roles and then select the Create role button.

12. Select Custom trust policy role type.

13. In the Custom trust policy section, paste the trust policy you obtained from Step 2 in the Cloud Hosted Databases UI. It looks similar to this:

    Toggle WrapCopy

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": "arn:aws:iam::292478331082:root"
          },
          "Action": "sts:AssumeRole",
          "Condition": {
            "StringEquals": {
              "sts:ExternalId": "<project-id>"
            }
          }
        }
      ]
    }

    Note

    The EDB Postgres AI Cloud Hosted Databases UI shows a snippet like the one above but with the <project-id> already specified.

14. Select the Next button.

15. Select the policy you created earlier. In this example, we used edb-postgres-ai-addon-policy.

16. Select the Next button.

17. Give the role a name. Note that you must give the role a name that starts with biganimal-role, such as biganimal-role-beacon.

18. Select the Create role button.

Entering the role ARN into the EDB Postgres AI UI

19. Still in the AWS console, select the View role button in the green banner at the top of the Roles dashboard in the AWS console.

20. Copy the role ARN from the Summary section of the Role page in AWS console and paste it into the form at the bottom of the Cloud Hosted Databases UI labeled Role ARN.

21. Select the Next: Regions and Services button in the Cloud Hosted Databases UI to move to the next step.

Selecting the scope of regions and services

22. For Step 3 - Regions and Services, select the regions that you want to monitor and the services you want to monitor in those regions.

23. Select the Next: Review and submit button.

24. Review your regions and services selections, then select the Submit button. If you notice a mistake, you can always use the Prev: Regions and Services button and go back a step.

25. Upon success, you will see a notification at the top of the Estate page saying, "The configuration has been submitted successfully."

26. Within a moment, you should start to see the Cloud Hosted Databases section of your Estate page populate with the available S3 buckets and RDS instances.

• On this page
• Overview
• Setting up monitoring of AWS resources in EDB Postgres AI Estate
  • Starting the Cloud Hosted Databases UI
  • Creating the AWS custom policy
  • Creating the AWS role
  • Entering the role ARN into the EDB Postgres AI UI
  • Selecting the scope of regions and services