AWS RDS Getting Started
You can use pgDash with AWS RDS, just like with any other PostgreSQL database server. The following steps should help you get up and running with monitoring your RDS instance with pgDash in just a few minutes.
In a nutshell, it involves setting up a periodic (cron) job on a system with access to the database (typically an EC2 instance in the same subnet) that connects to the RDS instance, collects metrics, and sends them to pgDash.
1. Get pgmetrics
pgmetrics is an open-source, command-line tool that collects metrics from your RDS instance. It can display the results in a easy-to-read text format, or as JSON for sending it to other tools. pgmetrics is a single, statically-linked binary, which makes it easy to deploy. It also uses, by design, almost exactly the same arguments as the standard
psql command. It also understands the same environment variables and .pgpass file that other PostgreSQL CLI tools do.You can download the latest release of pgmetrics from GitHub here: https://github.com/rapidloop/pgmetrics/releases
Unpack the release and copy the
pgmetrics binary to an EC2 instance with access to the database.2. Get pgdash CLI
The pgdash CLI tool is a simple command-line tool to send the output of pgmetrics to pgDash.
You can download the latest release of pgdash CLI from GitHub here: https://github.com/rapidloop/pgdash/releases
Unpack the release and copy the
pgdash binary to the same EC2 instance as before.3. Run pgmetrics
Assume you're able to connect to your database using
psql like this:1
~$ psql -h mydbinstance.cipenhlkhjrl.us-east-1.rds.amazonaws.com -U wheel mydb
2
Password for user wheel:
3
Timing is on.
4
Null display is "~".
5
psql (10.6 (Ubuntu 10.6-0ubuntu0.18.10.1), server 11.1)
6
WARNING: psql major version 10, server major version 11.
7
Some psql features might not work.
8
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off)
9
Type "help" for help.
10
11
mydb=>
12
Copied!
You can then run
pgmetrics using the same arguments:1
~$ pgmetrics -h mydbinstance.cipenhlkhjrl.us-east-1.rds.amazonaws.com -U wheel mydb
2
Password:
3
4
pgmetrics run at: 24 Mar 2019 7:48:19 AM (14 seconds ago)
5
6
PostgreSQL Cluster:
7
Name:
8
Server Version: 11.1
9
Server Started: 24 Mar 2019 7:41:33 AM (7 minutes ago)
10
System Identifier: 6649771538356156598
11
Timeline: 1
12
Last Checkpoint: 24 Mar 2019 7:47:07 AM (1 minute ago)
13
REDO LSN: 0/C000D18
14
Checkpoint LSN: 0/C000D50 (56 B since REDO)
15
Transaction IDs: 562 to 620 (diff = 58)
16
Notification Queue: 0.0% used
17
Active Backends: 3 (max 87)
18
Recovery Mode? no
19
20
[..snip..]
Copied!
Here
wheel is a user with superuser privileges, but you can use any credentials that have access to the pg_catalog schema.You'll need to invoke pgmetrics without it prompting for a password, so that you can automate the collection process. The standard ways all work --
.pgpass files, using trust authentication and client certificates. You can even directly supply the password in plain-text, like this:1
~$ PGPASSWORD='MY-PASSWORD' pgmetrics -h mydbinstance.cipenhlkhjrl.us-east-1.rds.amazonaws.com -U wheel mydb
2
3
pgmetrics run at: 24 Mar 2019 7:54:43 AM (14 seconds ago)
4
5
PostgreSQL Cluster:
6
Name:
7
Server Version: 11.1
8
Server Started: 24 Mar 2019 7:41:33 AM (13 minutes ago)
9
System Identifier: 6649771538356156598
10
Timeline: 1
11
Last Checkpoint: 24 Mar 2019 7:52:07 AM (2 minutes ago)
12
REDO LSN: 0/10001230
13
Checkpoint LSN: 0/10001268 (56 B since REDO)
14
Transaction IDs: 562 to 621 (diff = 59)
15
Notification Queue: 0.0% used
16
Active Backends: 3 (max 87)
17
Recovery Mode? no
18
19
[..snip..]
Copied!
You should now be able to invoke pgmetrics without a password and see the text output. pgmetrics can generate the report in JSON format also, which we need so that we can send it to pgdash. Use the
-f json option for this:1
~$ PGPASSWORD='MY-PASSWORD' pgmetrics -h mydbinstance.cipenhlkhjrl.us-east-1.rds.amazonaws.com -U wheel -f json mydb
2
3
{
4
"meta": {
5
"version": "1.5",
6
"at": 1553394427,
7
"collected_dbs": [
8
"mydb"
9
],
10
"local": false
11
},
12
"start_time": 1553393493,
13
"system_identifier": "6649771538356156598",
14
"checkpoint_lsn": "0/140001D0",
15
"prior_lsn": "",
16
"redo_lsn": "0/14000198",
17
"timeline_id": 1,
18
19
[..snip..]
Copied!
4. Send pgmetrics Report to pgDash
To send the report generated by pgmetrics to pgDash, you'll need an API key. If you haven't signed up for pgDash yet, you can do that here. The API key can be found in your profile page.
To actually send the report, simply pipe the output of pgmetrics to the pgdash CLI tool:
1
pgmetrics -f json {args} | pgdash -a YOUR-API-KEY report RDS-INSTANCE-NAME
Copied!
for example:
1
~$ PGPASSWORD='MY-PASSWORD' pgmetrics -h mydbinstance.cipenhlkhjrl.us-east-1.rds.amazonaws.com -U wheel -f json mydb | pgdash -a hkBjMH5qgtzTpPj8LpYQSM report mydbinstance
Copied!
Note that you should be able to let pgmetrics execute without prompting for a password, otherwise this command will appear to hang (it's actually waiting for a password).
We recommend using the RDS instance name so that it is easy to identify and relate to in the pgDash UI.
Tip: If you get a 429 error, it means you're getting rate limited. You'll need to wait 60 seconds at least before trying to send another report.
5. (Optional) Setup the pg_stat_statements Extension
pg_stat_statements is a very useful extension that is bundled by default in RDS. It provides information about query performance that pgmetrics can collect and report. You can find more information about pg_stat_statements here in the PostgreSQL docs.
Locate the Parameter Group
Locate and open the parameter group for your RDS instance:
In this case, the group is called "default.postgres11".
Ensure shared_preload_libraries is present
Search for shared_preload_libraries and ensure that it has contains the value pg_stat_statements. This might already be enabled in your case. Note that if you had to add it, you'll need to restart your RDS instance because PostgreSQL loads shared libraries only at startup.
Create the extension
Run the "CREATE EXTENSION" command to create the extension in the database. You must do this in each database you need to monitor.
1
~$ psql -h mydbinstance.cipenhlkhjrl.us-east-1.rds.amazonaws.com -U wheel mydb
2
Password for user wheel:
3
Timing is on.
4
Null display is "~".
5
psql (10.6 (Ubuntu 10.6-0ubuntu0.18.10.1), server 11.1)
6
WARNING: psql major version 10, server major version 11.
7
Some psql features might not work.
8
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off)
9
Type "help" for help.
10
11
mydb=> CREATE EXTENSION pg_stat_statements;
12
CREATE EXTENSION
13
Time: 381.516 ms
14
mydb=>
15
Copied!
Check if a SELECT works for the pgmetrics user
Finally, you should check if the user which pgmetrics is connecting as has permissions to do a SELECT from the pg_stat_statements view:
1
mydb=> SELECT * FROM pg_stat_statements LIMIT 1;
2
userid | dbid | queryid | query
3
--------+-------+----------------------+-----------------------------------------------------------------------------------------------
4
10 | 16384 | -3405321599851175834 | select coalesce(max(pg_current_wal_lsn()::pg_lsn - slots.restart_lsn), $1) as slot_byte_lag fr
5
(1 row)
6
Copied!
That's it! pgmetrics will automatically collect SQL query metrics if this extension is present.
6. (Optional) Collect AWS CloudWatch Metrics
pgmetrics can also collect metrics from AWS CloudWatch, for RDS Postgres and RDS Aurora (with Postgres engine) services. This provides information about the VM instance where the database engine is running, including memory and disk usage. pgmetrics will also collect Enhanced Monitoring metrics if you've enabled that in your AWS setup. It will also collect PostgreSQL logs via AWS CloudWatch Logs.
To let pgmetrics collect CloudWatch metrics, also pass the database instance ID of the database being monitored as the --aws-rds-dbid option to pgmetrics:
1
$ pgmetrics --aws-rds-dbid=mydbinstance-id {args} | pgdash {args}
Copied!
pgmetrics supports standard methods of accessing the credentials required for calling the AWS APIs. As a best practice, AWS recommends that you specify credentials in the following order:
- Use IAM roles for Amazon EC2 (if your application is running on an Amazon EC2 instance)
- Use a shared credentials file (~/.aws/credentials)
- Use environment variables (AWS_REGION, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and others)
Finally, note that AWS will charge you for the API calls made by pgmetrics to collect this information. See the AWS CloudWatch pricing page for more details.
Last modified 10mo ago