Checking that Enhanced Monitoring is Enabled on Your RDS Instances

Enhanced Monitoring lets you view real-time performance metrics and catch issues earlier. In this guide, we'll find any RDS instances that don't have Enhanced Monitoring enabled and turn it on.

Patrick Londa
Author
Sep 27, 2022

Amazon RDS is a popular service that allows organizations to efficiently operate and scale a relational database in the AWS Cloud. If you are using RDS DB instances, monitoring their performance could be business-critical.

Enhanced Monitoring is a feature that lets you collect more frequent, real-time metrics about the operating system that your DB instances run on.

These metrics are displayed in CloudWatch Logs in your account and can be used to identify potential failures, overloads, and anomalies. Enhanced Monitoring adds more layers of reliability, availability, and performance to your existing AWS monitoring features and capabilities.


Finding RDS instances Without Enhanced Monitoring

You can tell that an instance does not have Enhanced Monitoring turned on if its monitoring interval is set to 0. The monitoring interval indicates how many seconds go by between collecting Enhanced Monitoring metrics.

To find RDS instances that have Enhanced Monitoring turned off, you can use this AWS CLI command that uses a JMESPath expression:

aws rds describe-db-instances \
    --query 'DBInstances[?MonitoringInterval==`0`].[DBInstanceIdentifier,DBInstanceStatus]' \
    --output text

The output of this command lists the identifier and status for each applicable instance. 

Now that you know which instances do not currently have enhanced monitoring turned on, you can modify them to turn it on.

Turning On Enhanced Monitoring for RDS instances

To enable Enhanced Monitoring for RDS instances with the AWS CLI, you need an IAM role that has the necessary permissions. If you don’t already have a role for this, you can create one in the IAM console. Here’s how:

Create an IAM role

  1. Open the IAM console.
  2. Find Roles in the navigation pane.
  3. Click Create roles.
  4. Choose AWS service and RDS.
  5. Select RDS - Enhanced Monitoring and click Next.
  6. Double check that Permissions Policies is set to AmazonRDSEnhancedMonitoringRole and click Next.
  7. Enter a name for your role under Role Name.
  8. Click Create Role.

This IAM role gives Enhanced Monitoring permission to act on your behalf and automatically send OS metric information to CloudWatch Logs.

Turning on Enhanced Monitoring Using the CLI

To turn on Enhanced Monitoring, there are two modifications you need to make:

  1. Set the monitoring interval for your chosen RDS instances to one of the values 1, 5, 10, 15, 30, or 60 (any value other than 0).
  2. Set the --monitoring-role-arn option to the ARN of the IAM role you created.

Turn on Enhanced Monitoring for a DB instance:

For Linux, macOS, or Unix:

aws rds modify-db-instance \
    --db-instance-identifier mydbinstance \
    --monitoring-interval 30 \
    --monitoring-role-arn arn:aws:iam::123456789012:role/emaccess

For Windows:

aws rds modify-db-instance ^
    --db-instance-identifier mydbinstance ^
    --monitoring-interval 30 ^
    --monitoring-role-arn arn:aws:iam::123456789012:role/emaccess

If you are using a Multi-AZ DB cluster instead, enabling Enhanced Monitoring requires a different command.

Turn on Enhanced Monitoring for a Multi-AZ DB cluster:

For Linux, macOS, or Unix:

aws rds modify-db-cluster \
    --db-cluster-identifier mydbcluster \
    --monitoring-interval 30 \
    --monitoring-role-arn arn:aws:iam::123456789012:role/emaccess

For Windows:

aws rds modify-db-cluster ^
    --db-cluster-identifier mydbcluster ^
    --monitoring-interval 30 ^
    --monitoring-role-arn arn:aws:iam::123456789012:role/emaccess

Once you have turned on Enhanced Monitoring, you’ll have real-time visibility into the performance of your RDS instances.
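As an added example (not part of the original guide or of Blink's automation), this script turns the identifier/status rows returned by the audit query into a reviewable list of modify-db-instance commands. The sample rows and the helper names valid_interval, plan_enable and sample_rows are constructed for illustration, and skipping instances that are not in the available state is a conservative assumption.

```shell
#!/bin/sh
# Added example: build a dry-run remediation plan from the audit query's text output.
# Nothing here calls AWS; it only prints the commands for review.

VALID_INTERVALS="1 5 10 15 30 60"   # non-zero intervals listed in the guide

# Succeeds only if $1 is one of the allowed monitoring intervals.
valid_interval() {
    for v in $VALID_INTERVALS; do
        [ "$1" = "$v" ] && return 0
    done
    return 1
}

# plan_enable INTERVAL ROLE_ARN
# Reads "identifier status" rows (the --output text format) on stdin and prints
# one modify-db-instance command per instance that is ready to be modified.
plan_enable() {
    interval="$1"
    role_arn="$2"
    valid_interval "$interval" || {
        echo "error: interval must be one of: $VALID_INTERVALS" >&2
        return 2
    }
    case "$role_arn" in
        arn:aws*:iam::*:role/*) ;;
        *) echo "error: not an IAM role ARN: $role_arn" >&2; return 2 ;;
    esac
    while read -r id status; do
        [ -z "$id" ] && continue
        if [ "$status" = "available" ]; then
            printf 'aws rds modify-db-instance --db-instance-identifier %s --monitoring-interval %s --monitoring-role-arn %s\n' \
                "$id" "$interval" "$role_arn"
        else
            # Assumption: only instances in the "available" state are modified.
            printf '# skipped %s (status: %s)\n' "$id" "$status"
        fi
    done
}

# Constructed sample of the audit query's output (tab-separated rows).
sample_rows() {
    printf 'orders-db\tavailable\n'
    printf 'reports-db\tstopped\n'
    printf 'staging-db\tavailable\n'
}

# Live use: pipe the describe-db-instances query from the guide into plan_enable.
sample_rows | plan_enable 30 arn:aws:iam::123456789012:role/emaccess
```

Review the printed commands before running them; skipped instances can be handled once they return to the available state.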

Automating Enhanced Monitoring Checks with Blink

You can run this check every now and again, but by the time you realize you don’t have enhanced monitoring enabled on a new instance, you will have missed out on collecting metrics for a period of time.

With Blink, you can run this automation regularly to detect RDS instances without Enhanced Monitoring enabled.

Blink Automation: Ensure Enhanced Monitoring are Configured for RDS DB Instances and Clusters in AWS

When this automation runs, it executes the following actions:

  1. Checks whether Enhanced Monitoring is configured for all RDS DB instances and clusters.
  2. Sends a report with the results via email.

You can import this automation from the Blink library and customize it however you like. For example, you could add an action that enables Enhanced Monitoring for resources that don’t have it yet, pending someone’s approval in Slack.

In Blink, you can also create automations from scratch to meet your team’s unique needs using the hundreds of drag-and-drop actions available from a wide range of tools.

Get started with Blink today and see how easy automation can be.
