RDS Enhanced Monitoring: How to Check and Enable it on AWS

Learn how to check and enable Enhanced Monitoring on RDS instances. View real-time metrics and catch issues early with our step-by-step guide

Patrick Londa

Author

Sep 27, 2022

•

min read

Share this post

Amazon RDS is a popular service that allows organizations to efficiently operate and scale a relational database in the AWS Cloud. If you are using RDS DB instances, monitoring their performance could be business-critical.

Enhanced Monitoring is a feature that enables organizations to collect more frequent, real-time metrics about the operating system that your DB instances run on.

These metrics are displayed in your Amazon CloudWatch Logs account and available to be used to identify potential failures, overloads, and anomalies. Enhanced monitoring adds more layers of reliability, availability, and performance to your existing AWS monitoring features and capabilities.

Blink Automation: Ensure Enhanced Monitoring is Enabled for AWS RDS Instances

Blink + AWS

Try This Automation

Finding RDS instances Without Enhanced Monitoring

You can tell that an instance does not have Enhanced Monitoring turned on if its monitoring interval is set to 0. The monitoring interval indicates how many seconds go by between collecting Enhanced Monitoring metrics.

To find RDS instances that have Enhanced Monitoring turned off, you can use this AWS CLI command that uses a JMESPath expression:

aws rds describe-db-instances 
--query 'DBInstances[?MonitoringInterval=="0"].[DBInstanceIdentifier,DBInstanceStatus]' 
--output text

The output of this command lists the identifier and status for each applicable instance.

Now that you know which instances do not currently have enhanced monitoring turned on, you can modify them to turn it on.

Turning On Enhanced Monitoring for RDS instances

To enable Enhanced Monitoring for RDS instances with the AWS CLI, you need an IAM role that has the necessary permissions. If you don’t already have a role for this, you can create one in the IAM console. Here’s how:

Create an IAM role

Open the IAM console.
Find Roles in the navigation pane.
Click Create roles.
Choose AWS service and RDS.
Select RDS - Enhanced Monitoring and click Next.
Double check that Permissions Policies is set to AmazonRDSEnhancedMonitoringRole and click Next.
Enter a name for your role under Role Name.
Click Create Role.

This IAM role grants Enhanced Monitoring permissions to act on your behalf to send automated OS metric information to CloudWatch Logs.

Turning on Enhanced Monitoring Using the CLI

To turn on Enhanced Monitoring, there are two modifications you need to make:

Set the monitoring interval for your chosen RDS instances at one value of 1, 5, 10, 15, 30, or 60 but not 0.
Set the --monitoring-role-arn option to your created AMI role

Turn on Enhanced Monitoring for a DB instance:

For Linux, macOS, or Unix:

aws rds modify-db-instance \
    --db-instance-identifier mydbinstance \
    --monitoring-interval 30 \
    --monitoring-role-arn arn:aws:iam::123456789012:role/emaccess

For Windows:

aws rds modify-db-instance ^
    --db-instance-identifier mydbinstance ^
    --monitoring-interval 30 ^
    --monitoring-role-arn arn:aws:iam::123456789012:role/emaccess

If you are using a Multi-AZ DB cluster instead, enabling Enhanced Monitoring requires a different command.

Turn on Enhanced Monitoring for a Multi-AZ DB cluster:

For Linux, macOS, or Unix:

aws rds modify-db-cluster \
    --db-cluster-identifier mydbcluster \
    --monitoring-interval 30 \
    --monitoring-role-arn arn:aws:iam::123456789012:role/emaccess

For Windows:

aws rds modify-db-cluster ^
    --db-cluster-identifier mydbcluster ^
    --monitoring-interval 30 ^
    --monitoring-role-arn arn:aws:iam::123456789012:role/emaccess

Once you have turned on Enhanced Monitoring, you’ll have real-time visibility into the performance of your RDS instances.

Automating Enhanced Monitoring Checks with Blink

You can run this check every now and again, but by the time you realize you don’t have enhanced monitoring enabled on a new instance, you will have missed out on collecting metrics for a period of time.

With Blink, you can run this automation regularly to detect RDS instances without Enhanced Monitoring enabled.

Blink Automation: Ensure Enhanced Monitoring are Configured for RDS DB Instances and Clusters in AWS

When this automation runs, it executes the following actions:

Checks whether Enhanced Monitoring is configured for all RDS DB instances and clusters.
Sends a report with the results via email.

You can import this automation from the Blink library and customize it however you like. For example, you could add an action to enable Enhanced Monitoring for resources not already enabled pending someone’s approval in Slack.

In Blink, you can also create automations from scratch to meet your team’s unique needs using the hundreds of drag-and-drop actions available from a wide range of tools.

Get started with Blink today and see how easy automation can be.

Expert Tip

How-To Guides

How to Upgrade Your GKE Cluster to the Latest Version

Ensure your GKE clusters are secure and efficient by upgrading to the latest version. Follow our guide to manually upgrade your GKE clusters.

Articles

Avoid Vendor Lock-in with AI-Powered Security Automation

Discover how AI-powered security automation helps avoid vendor lock-in by standardizing and integrating data across various cybersecurity products.

How-To Guides

How to Detach an AWS EC2 Instance from Auto Scaling Group

Learn how to detach an AWS EC2 instance from its Auto Scaling group and load balancer for maintenance and testing. Follow these simple steps to get started.

Automate your security operations everywhere.

Blink is secure, decentralized, and cloud-native.  Get modern cloud and security operations today.

Get a Demo