Monitoring rds postgres with pmm docker container

I am trying to setup rds postgres monitoring with pmm docker contaner. As part of setup , I created aws user plus following user policy plus separate db user with necessary permissions.

{
“Version”: “2012-10-17”,
“Statement”: [{
“Sid”: “Stmt1508404837003”,
“Effect”: “Allow”,
“Action”: [
“rds:DescribeDBInstances”,
“cloudwatch:GetMetricStatistics”,
“cloudwatch:ListMetrics”
],
“Resource”: [“"]
},
{
“Sid”: “Stmt1508410723001”,
“Effect”: “Allow”,
“Action”: [
“logs:DescribeLogStreams”,
“logs:GetLogEvents”,
“logs:FilterLogEvents”
],
“Resource”: ["arn:aws:logs:
::log-group:RDSOSMetrics:”]
}
]

}


CREATE USER pmm_user with ENCRYPTED PASSWORD ‘xxxxzzzzzyyyy’;
grant rds_superuser to pmm_user;

Finally when I try to add rds postgres database using PMM GUI → Add Remote Postgresql Instance, I run into following error

[LEFT][COLOR=#D8D9DA]

Any comments /suggestions ?

One more thing, db conection from pmm docker container to rds postgresql database using psql client works with no issues.

I think this is related to SSL configuration on pmm docker container. I checked the rds postgresql logs, and found following lines relevant to above error.

2019-08-26 20:13:28 UTC:10.40.72.117(41640):pmm_user@postgres:[20063]:FATAL: no pg_hba.conf entry for host “10.40.72.117”, user “pmm_user”, database “postgres”, SSL off 2019-08-26 20:19:45 UTC:10.40.72.117(52212):pmm_user@postgres:[28180]:LOG: connection authorized: user=pmm_user database=postgres SSL enabled (protocol=TLSv1.2, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256, compression=off)

Issue is when I try to do “Add a remote PostgreSQL instance” using “_PMM Add Instance”, it trys to open db connection with SSL option disabled. And thats the reason the db connection is failing.

{{ [LEFT][COLOR=#D8D9DA]

}}

I was able to resolve this issue, by using pmm-admin commands from the docker container. Here is what I end up doing,

yum update -y
yum install initscripts

pmm-admin config --server 127.0.0.1 --server-insecure-ssl --client-name 10.xx.xx.xxx

pmm-admin add postgresql --host=postgres-dev.xxxxyyyyzzz.us-east-1.rds.amazonaws.com --user=pmm_user --password=‘secret’ --port=5432 --sslmode require