PMM 2.30 not able to discover RDS Instances using IAM role

MySQL & MariaDB
,
1

Hi,

I installed PMM 2.30.0 from AWS AMI and configured IAM policy and IAM role. Also attached IAM role to the PMM EC2 instance but still unable to discover the RDS instances within the same region.

The PMM EC2 is having SG group with ports 80, 443 and 22 from 0.0.0.0/0. Moreover, performace_schema=1 and Enhanced Monitoring too is enabled for all RDS

Please support.

Thanks
Naveed

2

Hi @alinaveed welcome to the Percona forums!
Can you share your Policy for IAM? It should look like:

  "Statement": [{ "Sid": "Stmt1508404837000",
              "Effect": "Allow",
              "Action": [ "rds:DescribeDBInstances",
                          "cloudwatch:GetMetricStatistics",
                          "cloudwatch:ListMetrics"],
                          "Resource": ["*"] },
             { "Sid": "Stmt1508410723001",
               "Effect": "Allow",
               "Action": [ "logs:DescribeLogStreams",
                           "logs:GetLogEvents",
                           "logs:FilterLogEvents" ],
                           "Resource": [ "arn:aws:logs:*:*:log-group:RDSOSMetrics:*" ]}
           ]
}
1 Like
3

Thanks a lot for the response Micheal. Yes i have used the same IAM policy. Moreover i had multiple times repeated the steps as described in below link but same issue.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1508404837000",
            "Effect": "Allow",
            "Action": [
                "rds:DescribeDBInstances",
                "cloudwatch:GetMetricStatistics",
                "cloudwatch:ListMetrics"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "Stmt1508410723001",
            "Effect": "Allow",
            "Action": [
                "logs:DescribeLogStreams",
                "logs:GetLogEvents",
                "logs:FilterLogEvents"
            ],
            "Resource": [
                "arn:aws:logs:*:*:log-group:RDSOSMetrics:*"
            ]
        }
    ]
}

However, one strange thing i m noticing it is able to discover 2 RDS instance from another region(us-east-1) but PMM EC2 is running on sa-east-1. I have even tried different versions of PMM from 2.29,2.30 and 2.31 and used different instance type as well. Also, tried using IAM user and attaching it to the above IAM policy, still no luck and unable to discover the RDS in sa-east-1 region.

1 Like
4

@Michael_Coburn @Aleksandar_Kostovski , The problem is timeout we have in the code which is set for 7 Seconds.

Whichever region has less instances it’s easy to fetch but when there are more instances it’e being timed out.

We can increase the timeout for discover function to make sure it waits before ending up with error.

2 Likes
5

I have faced the same issue, only instances in one region get discovered. I see the timeout is hardcoded as 7 second. Is there any plan to increase it?

Is there any other way to add RDS instances to PMM manually? using cmd for example, instead of the auto discovery feature?