Configuring Database Monitoring for Amazon Aurora DB Clusters
This guide assumes you have configured Database Monitoring for your Amazon Aurora Postgres or MySQL databases.
Before you begin
- Supported databases
- Postgres, MySQL
- Supported Agent versions
- 7.53.0+
Overview
Datadog’s Autodiscovery enables you to configure monitoring in dynamic infrastructures. You can use this feature to monitor your Aurora clusters without having to list individual database host endpoints (for example, postgres.d/conf.yaml
). This is especially helpful for clusters that use Aurora Auto Scaling, which dynamically adjusts the number of Aurora Replicas in response to variations in connectivity or workload. Autodiscovery automatically discovers and monitors both primary and replica endpoint instances.
With Autodiscovery and Database Monitoring, you can define configuration templates for Postgres or MySQL checks and specify which clusters to apply each check to.
Enabling Autodiscovery for Aurora clusters
- Grant AWS permissions
- Configure Aurora tags
- Configure the Datadog Agent
- Create a configuration template
Grant AWS permissions
The Datadog Agent requires permission to run rds:DescribeDBClusters
and rds:DescribeDBInstances
in your AWS account. Datadog recommends that you attach an IAM role policy to the EC2 instance where the Agent is running.
An example policy that grants these permissions:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"rds:DescribeDBClusters",
"rds:DescribeDBInstances"
],
"Resource": [
"arn:aws:rds:<region>:<account>:cluster:*",
"arn:aws:rds:<region>:<account>:db:*"
]
}
]
}
You can also attach the AmazonRDSReadOnlyAccess
policy.
By default, the listener discovers all Aurora clusters in the account and region where the Agent is running that have the datadoghq.com/scrape:true
tag applied. You can also configure the Agent to discover clusters with specific tags.
You must apply these tags to the DB cluster (Role: Regional cluster
). For more information on tagging RDS resources, see the AWS documentation.
Autodiscovery uses an Agent service listener, which discovers all database host endpoints in an Aurora cluster and forwards discovered endpoints to the existing Agent check scheduling pipeline. You can configure the listener in the datadog.yaml
file:
database_monitoring:
autodiscovery:
aurora:
enabled: true
Note: The Agent only discovers Aurora instances running in the same region as the Agent. To determine the region of the instance, the Agent uses IMDS (Instance Metadata Service). If your EC2 instance requires IMDSv2
, you must configure the Agent to use IMDSv2
by setting ec2_prefer_imdsv2: true
in datadog.yaml
, as shown below:
ec2_prefer_imdsv2: true
database_monitoring:
autodiscovery:
aurora:
enabled: true
By default, the listener only discovers Aurora clusters in the account and region where the Agent is running, and only those with the datadoghq.com/scrape:true
tag. You can also configure the listener to discover clusters with specific tags.
To specify custom tags for Aurora cluster discovery in the datadog.yaml
file:
database_monitoring:
autodiscovery:
aurora:
enabled: true
tags:
- "my-cluster-tag-key:value"
The listener queries the AWS API for the list of hosts in a loop. The frequency with which the listener queries the AWS API, in seconds, is configurable in the datadog.yaml
file:
database_monitoring:
autodiscovery:
aurora:
enabled: true
discovery_interval: 300
Create a configuration template
The Datadog Agent supports configuration templates for the Postgres and MySQL integrations. Define a configuration template for the Aurora clusters you wish to monitor.
First, add an ad_identifier
for Aurora-managed Postgres to your configuration template (postgres.d/conf_aws_aurora.yaml
) file:
ad_identifiers:
- _dbm_postgres_aurora
Then, define the remainder of the template. Use template variables for parameters that may change, such as host
and port
.
The following example configuration template is applied to every instance discovered in the Aurora cluster:
ad_identifiers:
- _dbm_postgres_aurora
init_config:
instances:
- host: "%%host%%"
port: "%%port%%"
username: datadog
dbm: true
aws:
instance_endpoint: "%%host%%"
region: "%%extra_region%%"
tags:
- "dbclusteridentifier:%%extra_dbclusteridentifier%%"
- "region:%%extra_region%%"
In this example, the template variables %%host%%
, %%port%%
, %%extra_dbclusteridentifier%%
, and %%extra_region%%
are dynamically populated with information from the Aurora cluster.
To use [IAM authentication][2] to connect to your Aurora cluster, use the following template:
ad_identifiers:
- _dbm_postgres_aurora
init_config:
instances:
- host: "%%host%%"
port: "%%port%%"
username: datadog
dbm: true
aws:
instance_endpoint: "%%host%%"
region: "%%extra_region%%"
managed_authentication:
enabled: "%%extra_managed_authentication_enabled%%"
tags:
- "dbclusteridentifier:%%extra_dbclusteridentifier%%"
- "region:%%extra_region%%"
The template variable %%extra_managed_authentication_enabled%%
resolves to true
if the instance is using IAM authentication.
First, add an ad_identifier
for Aurora-managed MySQL to your configuration template (mysql.d/conf_aws_aurora.yaml
) file:
ad_identifiers:
- _dbm_mysql_aurora
Then, define the remainder of the template. Use template variables for parameters that may change, such as host
and port
.
The following example configuration template is applied to every instance discovered in the Aurora cluster:
ad_identifiers:
- _dbm_mysql_aurora
init_config:
instances:
- host: "%%host%%"
port: "%%port%%"
username: datadog
dbm: true
aws:
instance_endpoint: "%%host%%"
tags:
- "dbclusteridentifier:%%extra_dbclusteridentifier%%"
- "region:%%extra_region%%"
In this example, the template variables %%host%%
, %%port%%
, %%extra_dbclusteridentifier%%
, and %%extra_region%%
are dynamically populated with information from the Aurora cluster.
For more information on configuring Autodiscovery with integrations, see the Autodiscovery documentation.
Supported template variables
Template variable | Source |
---|
%%host%% | The Aurora instance endpoint |
%%port%% | The port of the Aurora instance |
%%extra_region%% | The AWS region where the instance is located |
%%extra_dbclusteridentifier%% | The cluster identifier of the discovered Aurora cluster |
%%extra_managed_authentication_enabled%% | Whether IAM authentication enabled on the cluster. This is used to determine if managed authentication should be used for Postgres. |