From 00133fcebbcb1628d671c9a55f17af4253047f3a Mon Sep 17 00:00:00 2001 From: Frank Touserkani <94471063+ftouserkani-edb@users.noreply.github.com> Date: Wed, 4 Feb 2026 14:38:02 -0500 Subject: [PATCH 1/3] Include AWS_SESSION_TOKEN in RDS configuration Add AWS_SESSION_TOKEN to the configuration example. --- .../monitoring/mon_ext_dbs/mon_ext_csp/rds.mdx | 1 + 1 file changed, 1 insertion(+) diff --git a/product_docs/docs/edb-postgres-ai/preview/hybrid-manager/using_hybrid_manager/monitoring/mon_ext_dbs/mon_ext_csp/rds.mdx b/product_docs/docs/edb-postgres-ai/preview/hybrid-manager/using_hybrid_manager/monitoring/mon_ext_dbs/mon_ext_csp/rds.mdx index 5557bd3f63..5252aeb402 100644 --- a/product_docs/docs/edb-postgres-ai/preview/hybrid-manager/using_hybrid_manager/monitoring/mon_ext_dbs/mon_ext_csp/rds.mdx +++ b/product_docs/docs/edb-postgres-ai/preview/hybrid-manager/using_hybrid_manager/monitoring/mon_ext_dbs/mon_ext_csp/rds.mdx @@ -105,6 +105,7 @@ You can set up the agent to monitor all your AWS RDS deployments on HM. stringData: AWS_ACCESS_KEY_ID: replace_with_your_access_key_id AWS_SECRET_ACCESS_KEY: replace_with_your_secret_access_key + AWS_SESSION_TOKEN: replace_with_your_session_token AWS_REGION: example-us-east-1 BEACON_PROVIDER_AWS_CONSTANT_REGIONS: example-us-east-1 BEACON_PROVIDER_AWS_CONSTANT_PROJECT_ID: your_project_id From 46a18afb19c59202c9f2b42334b3e59d11b0c8a1 Mon Sep 17 00:00:00 2001 From: Nathan Faust Date: Wed, 4 Feb 2026 16:25:16 -0500 Subject: [PATCH 2/3] fix RDS configuration yaml secret indents --- .../mon_ext_dbs/mon_ext_csp/rds.mdx | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/product_docs/docs/edb-postgres-ai/preview/hybrid-manager/using_hybrid_manager/monitoring/mon_ext_dbs/mon_ext_csp/rds.mdx b/product_docs/docs/edb-postgres-ai/preview/hybrid-manager/using_hybrid_manager/monitoring/mon_ext_dbs/mon_ext_csp/rds.mdx index 5252aeb402..1160d7e1be 100644 --- a/product_docs/docs/edb-postgres-ai/preview/hybrid-manager/using_hybrid_manager/monitoring/mon_ext_dbs/mon_ext_csp/rds.mdx +++ b/product_docs/docs/edb-postgres-ai/preview/hybrid-manager/using_hybrid_manager/monitoring/mon_ext_dbs/mon_ext_csp/rds.mdx @@ -100,18 +100,18 @@ You can set up the agent to monitor all your AWS RDS deployments on HM. apiVersion: v1 kind: Secret metadata: - name: beacon-csp-credentials - namespace: upm-beacon + name: beacon-csp-credentials + namespace: upm-beacon stringData: - AWS_ACCESS_KEY_ID: replace_with_your_access_key_id - AWS_SECRET_ACCESS_KEY: replace_with_your_secret_access_key - AWS_SESSION_TOKEN: replace_with_your_session_token - AWS_REGION: example-us-east-1 - BEACON_PROVIDER_AWS_CONSTANT_REGIONS: example-us-east-1 - BEACON_PROVIDER_AWS_CONSTANT_PROJECT_ID: your_project_id - BEACON_AGENT_PROVIDERS: appliance,aws - BEACON_PROVIDER_AWS_MODE: constant - BEACON_PROVIDER_AWS_CONSTANT_SERVICES: rds + AWS_ACCESS_KEY_ID: replace_with_your_access_key_id + AWS_SECRET_ACCESS_KEY: replace_with_your_secret_access_key + AWS_SESSION_TOKEN: replace_with_your_session_token + AWS_REGION: example-us-east-1 + BEACON_PROVIDER_AWS_CONSTANT_REGIONS: example-us-east-1 + BEACON_PROVIDER_AWS_CONSTANT_PROJECT_ID: your_project_id + BEACON_AGENT_PROVIDERS: appliance,aws + BEACON_PROVIDER_AWS_MODE: constant + BEACON_PROVIDER_AWS_CONSTANT_SERVICES: rds EOF ``` 2. Restart the agent and external metrics receiver: From 66f9d2abdba99834727b484f2dfbcc5d999b61d6 Mon Sep 17 00:00:00 2001 From: Josh Earlenbaugh Date: Fri, 6 Feb 2026 16:19:07 -0500 Subject: [PATCH 3/3] Fixes for AWS SESSION_TOKEN and indentation fromr PR 7081 --- .../mon_ext_dbs/mon_ext_csp/rds.mdx | 30 +++++++++++-------- .../mon_ext_dbs/mon_ext_csp/rds.mdx | 21 +++++++------ 2 files changed, 29 insertions(+), 22 deletions(-) diff --git a/product_docs/docs/edb-postgres-ai/1.3/hybrid-manager/using_hybrid_manager/monitoring/mon_ext_dbs/mon_ext_csp/rds.mdx b/product_docs/docs/edb-postgres-ai/1.3/hybrid-manager/using_hybrid_manager/monitoring/mon_ext_dbs/mon_ext_csp/rds.mdx index 5557bd3f63..f6b17e17e4 100644 --- a/product_docs/docs/edb-postgres-ai/1.3/hybrid-manager/using_hybrid_manager/monitoring/mon_ext_dbs/mon_ext_csp/rds.mdx +++ b/product_docs/docs/edb-postgres-ai/1.3/hybrid-manager/using_hybrid_manager/monitoring/mon_ext_dbs/mon_ext_csp/rds.mdx @@ -12,7 +12,7 @@ You must have access to the Kubernetes environment where HM resides and also hav This access requirement is different from other external database monitoring situations with HM, such as [self-managed](../mon_with_agent) deployments of Postgres, where fewer privileges are required. -You must also ensure that the user credentials stored in the Kubernetes secret (beacon-csp-credentials) have sufficient permissions for the AWS RDS environment being monitored. Without these permissions, the system can't retrieve all available metrics. +You must also ensure that the user credentials stored in a Kubernetes secret, for example `example-beacon-csp-credentials`, have sufficient permissions for the AWS RDS environment being monitored. Without these permissions, the system can't retrieve all available metrics. To do this, you need to obtain an AWS access key of an IAM user with the following minimal permissions: @@ -91,28 +91,32 @@ You can set up the agent to monitor all your AWS RDS deployments on HM. Once you register an RDS region, the system adds every database you have in that RDS region. This can result in several resources being added to your estate. They are all under one project, so you either have access as a user to all the RDS databases or you don't have access to any of them. -1. Add your `beacon-csp-credentials` secret. +1. Add your `example-beacon-csp-credentials` secret. - Add your `beacon-csp-credentials` secret in your HM Kubernetes cluster's `upm-beacon` namespace: + Add your `example-beacon-csp-credentials` secret in your HM Kubernetes cluster's `upm-beacon` namespace. + + Example `yaml` sample: ``` kubectl apply -f - < + AWS_SECRET_ACCESS_KEY: + AWS_SESSION_TOKEN: + AWS_REGION: example-us-east-1 + BEACON_PROVIDER_AWS_CONSTANT_REGIONS: example-us-east-1 + BEACON_PROVIDER_AWS_CONSTANT_PROJECT_ID: + BEACON_AGENT_PROVIDERS: appliance,aws + BEACON_PROVIDER_AWS_MODE: constant + BEACON_PROVIDER_AWS_CONSTANT_SERVICES: rds EOF ``` + 2. Restart the agent and external metrics receiver: ``` diff --git a/product_docs/docs/edb-postgres-ai/preview/hybrid-manager/using_hybrid_manager/monitoring/mon_ext_dbs/mon_ext_csp/rds.mdx b/product_docs/docs/edb-postgres-ai/preview/hybrid-manager/using_hybrid_manager/monitoring/mon_ext_dbs/mon_ext_csp/rds.mdx index 1160d7e1be..4e900cbedd 100644 --- a/product_docs/docs/edb-postgres-ai/preview/hybrid-manager/using_hybrid_manager/monitoring/mon_ext_dbs/mon_ext_csp/rds.mdx +++ b/product_docs/docs/edb-postgres-ai/preview/hybrid-manager/using_hybrid_manager/monitoring/mon_ext_dbs/mon_ext_csp/rds.mdx @@ -4,7 +4,7 @@ navTitle: Monitoring RDS deployments description: Learn how to monitor AWS RDS deployments with Hybrid Manager. --- -You can monitor your Amazon Web Service (AWS) relational database service (RDS) deployments with Hybrid Manager (HM). +You can monitor your Amazon Web Service (AWS) Relational Database Service (RDS) deployments with Hybrid Manager (HM). ## Prerequisites @@ -12,7 +12,7 @@ You must have access to the Kubernetes environment where HM resides and also hav This access requirement is different from other external database monitoring situations with HM, such as [self-managed](../mon_with_agent) deployments of Postgres, where fewer privileges are required. -You must also ensure that the user credentials stored in the Kubernetes secret (beacon-csp-credentials) have sufficient permissions for the AWS RDS environment being monitored. Without these permissions, the system can't retrieve all available metrics. +You must also ensure that the user credentials stored in a Kubernetes secret, for example `example-beacon-csp-credentials`, have sufficient permissions for the AWS RDS environment being monitored. Without these permissions, the system can't retrieve all available metrics. To do this, you need to obtain an AWS access key of an IAM user with the following minimal permissions: @@ -91,29 +91,32 @@ You can set up the agent to monitor all your AWS RDS deployments on HM. Once you register an RDS region, the system adds every database you have in that RDS region. This can result in several resources being added to your estate. They are all under one project, so you either have access as a user to all the RDS databases or you don't have access to any of them. -1. Add your `beacon-csp-credentials` secret. +1. Add your `example-beacon-csp-credentials` secret. - Add your `beacon-csp-credentials` secret in your HM Kubernetes cluster's `upm-beacon` namespace: + Add your `example-beacon-csp-credentials` secret in your HM Kubernetes cluster's `upm-beacon` namespace. + + Example `yaml` sample: ``` kubectl apply -f - < + AWS_SECRET_ACCESS_KEY: + AWS_SESSION_TOKEN: AWS_REGION: example-us-east-1 BEACON_PROVIDER_AWS_CONSTANT_REGIONS: example-us-east-1 - BEACON_PROVIDER_AWS_CONSTANT_PROJECT_ID: your_project_id + BEACON_PROVIDER_AWS_CONSTANT_PROJECT_ID: BEACON_AGENT_PROVIDERS: appliance,aws BEACON_PROVIDER_AWS_MODE: constant BEACON_PROVIDER_AWS_CONSTANT_SERVICES: rds EOF ``` + 2. Restart the agent and external metrics receiver: ```