Using PMM in AWS with IAM Role instead of IAM User and keys

We are using PMM from the AWS Marketplace to monitor AWS RDS instances. Great product. Thanks a lot.

I installed it the recommended way and added many RDS instances w/o any problem using an IAM User with the created keys.
And the day came to rotate the used Access key… Unfortunately I didn’t find an easy way (except to delete and add the instances again) to change the used IAM key.

Based on the documentation I can use IAM Role instead of an IAM User with Access Keys.
I created the role and attached it to the policy and the EC2 instance too.
My problem is that I’m not able to discover/add the available RDS instances in the subscription because the “PMM Add Instance / AWS RDS MySQL or Aurora MySQL” option requires a SECRET_KEY_ID and SECRET_ACCESS_KEY.

How can I set up PMM to use/force the associated IAM Role? Is there any documentation/guide on this topic?

Thanks in Advance.

@peter.takacs the option for how to set this up is described in Amazon RDS - Percona Monitoring and Management, but it is not clear :(

Also, while testing it I’ve found [PMM-7690] AWS discovery and monitoring based on IAM roles is not working - Percona JIRA, so you can subscribe to the Jira issue and you will be notified when we fix this.

We have the same issue in version 2.16.0 on AWS.

Thanks!
I was able to confirm this “bug” and it’s reported as [PMM-7690] AWS discovery and monitoring based on IAM roles is not working - Percona JIRA.
We’ll fix it soon in the 2.18 release.

Great, thank you for the fast feedback! Looking forward to the fix.

This appears to be resolved.
https://jira.percona.com/browse/PMM-7690

@matthewb Could you help me with the resolution of this issue? I couldn’t find it on PMM-7690. I am getting this error while trying to list RDS instances through a role:
‘The security token included in the request is invalid’.