AWS RDS PostgreSQL Integration

AWS RDS for PostgreSQL monitoring is essential for tracking database performance, query behavior, and resource utilization in cloud environments. This guide explains how to set up AWS RDS PostgreSQL monitoring in Middleware using an EC2 host agent, enabling full observability into queries, metrics, and performance bottlenecks. The agent runs on an EC2 instance you control and connects to RDS over the network—not on the RDS instance itself.

Prerequisites#

• Middleware Host Agent on EC2: Install the Linux Host Agent on an EC2 instance that has network connectivity to your RDS endpoint. Follow Installing the Agent and the Linux Host Agent steps.
• Managed database: Do not attempt to install the Host Agent on RDS. RDS is a managed service; integration is always EC2 (agent) → AWS RDS for PostgreSQL using a credentials file on the EC2 host and the PostgreSQL integration in Middleware.

Retrieve connection details from AWS#

Gather the following before you configure Middleware:

• Endpoint and port: In the AWS console, open RDS → your DB instance → Connectivity & security. Copy the Endpoint (hostname) and Port (PostgreSQL is commonly 5432).
• Database name: The initial database created with the instance, or another database you created in the cluster.
• Username and password: The master user you defined when creating the instance, or a dedicated monitoring user you create in SQL (see Step 2). Store passwords securely (for example in AWS Secrets Manager or your team’s vault); rotate them according to your policy.

Network connectivity#

• Inbound access controls: Allow the PostgreSQL port (typically TCP 5432) from your EC2 host network range (or equivalent trusted source) in your network access controls.
• Placement: The EC2 instance running the agent should live in subnets and route tables that can reach the RDS endpoint (same VPC is typical; cross-VPC requires peering or Transit Gateway and matching network access controls/routes).
• Verification: From the EC2 instance, test connectivity (for example with psql or nc -zv <endpoint> <port>) before relying on the integration.

Setup#

1 Enable pg_stat_statements#

pg_stat_statements exposes per-statement stats that the integration relies on. On RDS you configure this with a DB parameter group, not by editing postgresql.conf on disk.

• In the AWS console, go to RDS → Parameter groups. Create a new parameter group (or modify a custom one) compatible with your engine version.
• Set parameters such as:
  • shared_preload_libraries — include pg_stat_statements (RDS may require a specific format for multiple libraries; follow AWS documentation for your engine version).
  • pg_stat_statements.track = all
  • pg_stat_statements.max = 10000 (or your chosen limit)
  • track_io_timing = 1
• Attach the parameter group to your DB instance and reboot the instance if AWS indicates a reboot is required for shared_preload_libraries changes to apply.
• Connect to RDS (for example with psql from EC2 or a bastion) and run as a user with sufficient privileges (for example a user in rds_superuser or equivalent for your setup):

CREATE EXTENSION IF NOT EXISTS pg_stat_statements;
SELECT calls, query FROM pg_stat_statements LIMIT 1;

You should see a row once statements have executed (your values will differ):

calls | query
-------+-------------------------------
     8 | SELECT * FROM t WHERE field = $1

2 (optional): Create a least-privileged user#

If you do not want to use the master user for monitoring, create a read-only user with minimal privileges. Run against the RDS endpoint (for example from the EC2 instance using psql):

CREATE USER lpu WITH PASSWORD 'pass';

Verify:

\du

Grant minimal access:

-- allow connections to the database you'll monitor
GRANT CONNECT ON DATABASE <your_db_name> TO lpu;

-- permit reading statement stats
GRANT SELECT ON pg_stat_statements TO lpu;

-- permit reading global stats where needed
GRANT pg_read_all_stats TO lpu;

Test with the lpu account:

SELECT calls, query FROM pg_stat_statements LIMIT 1;

3 Open the integration in Middleware#

In Middleware, go to Installations → All Integrations → PostgreSQL.

4 Fill the integration form#

In the PostgreSQL integration form:

• Select the EC2 host (from the dropdown) where the Middleware Host Agent runs.
• Enter the required connection details:
  • Database name
  • RDS endpoint
  • Username
  • Password
• (Optional) Query Collection:
  • Query Sample Collection captures sampled query activity (query text, state, wait events, and client/application details) for troubleshooting.
  • Top Query Collection captures aggregated high-impact query metrics (calls, rows, block I/O, and planning/execution timings) from pg_stat_statements.
• (Optional) Schema Collection captures database schema and table metadata for schema visibility in Middleware.
• TLS Settings:
  • If Allow Insecure is false and Skip Certificate Verification is false, provide the CA certificate file path.
  • For AWS RDS, download the CA bundle on the EC2 host and use that path in the form:

    curl -O https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem

5 Save and enable the integration#

• Click Save.

Once saved, the integration starts ingesting metrics from your RDS instance.

Visualise your Data#

Default PostgreSQL dashboard#

After setup, Middleware adds a PostgreSQL dashboard to the Dashboard Builder. Use it as a starting point to explore key DB metrics without building widgets from scratch.

Create custom widgets#

When adding a widget, choose data source postgresql to browse all exposed metrics and craft charts for your SLOs or run-book checks.

Alerts#

You can alert on any PostgreSQL metric. Create a rule using Database as the detection method and PostgreSQL as the database type; the Metrics dropdown then lists all available metrics for this integration. Configure conditions, thresholds, and recipients as usual.

Metrics Collected#

The following metrics are emitted when enabled in the PostgreSQL receiver (names and descriptions align with the integration’s metric definitions). RDS PostgreSQL uses the same metric set as self-hosted PostgreSQL.

Core Engine & Storage#

Tables, Indexes & Maintenance#

TOAST#

Transactions & Row Activity#

Checkpointing & Background Writer#

Connections & Limits#

Statement-level (via pg_stat_statements)#

Replication & WAL#

Live Row Estimates#

Active Transaction Duration#

Troubleshooting#

“Integrations” menu not visible

If you do not see Integrations in Middleware, your account probably lacks Installation permissions. Ask an admin to add Installation to your role in Settings.

No metrics or connection failures

• Confirm outbound access from EC2 to RDS and inbound PostgreSQL access on RDS from the EC2 network path (or correct CIDR).
• Confirm the credentials file uses the RDS endpoint and port reachable from EC2.
• Verify pg_stat_statements is enabled and the database user has the grants from Step 2.