Monitoring rds postgres with pmm docker container

I am trying to setup rds postgres monitoring with pmm docker contaner. As part of setup , I created aws user plus following user policy plus separate db user with necessary permissions.

“Version”: “2012-10-17”,
“Statement”: [{
“Sid”: “Stmt1508404837003”,
“Effect”: “Allow”,
“Action”: [
“Resource”: [""]
“Sid”: “Stmt1508410723001”,
“Effect”: “Allow”,
“Action”: [
“Resource”: ["arn:aws:logs:


CREATE USER pmm_user with ENCRYPTED PASSWORD ‘xxxxzzzzzyyyy’;
grant rds_superuser to pmm_user;

Finally when I try to add rds postgres database using PMM GUI -> Add Remote Postgresql Instance, I run into following error


Any comments /suggestions ?

One more thing, db conection from pmm docker container to rds postgresql database using psql client works with no issues.

I think this is related to SSL configuration on pmm docker container. I checked the rds postgresql logs, and found following lines relevant to above error.

2019-08-26 20:13:28 UTC:[20063]:FATAL: no pg_hba.conf entry for host “”, user “pmm_user”, database “postgres”, SSL off 2019-08-26 20:19:45 UTC:[28180]:LOG: connection authorized: user=pmm_user database=postgres SSL enabled (protocol=TLSv1.2, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256, compression=off)

Issue is when I try to do “Add a remote PostgreSQL instance” using “_PMM Add Instance”, it trys to open db connection with SSL option disabled. And thats the reason the db connection is failing.



I was able to resolve this issue, by using pmm-admin commands from the docker container. Here is what I end up doing,

yum update -y
yum install initscripts

pmm-admin config --server --server-insecure-ssl --client-name

pmm-admin add postgresql --user=pmm_user --password=‘secret’ --port=5432 --sslmode require