Skip to main content

What is this integration?

Amazon RDS makes it easy to set up, operate, and scale relational databases in the cloud.

What Monk manages

  • DB instance, subnet group, security group

What the Agent can do and how to use it

  • Database Creation: Provision MySQL, PostgreSQL, MariaDB, Oracle, and SQL Server instances
  • Backup & Recovery: Configure automated backups, point-in-time recovery, and manual snapshots
  • Scaling: Modify instance types, storage, and enable read replicas for scaling
  • High Availability: Set up Multi-AZ deployments for automatic failover
  • Security: Configure VPC isolation, security groups, and encryption at rest
  • Maintenance: Schedule and manage automated maintenance windows
  • Monitoring: Enable Enhanced Monitoring and Performance Insights
  • Parameter Groups: Customize database engine parameters and configurations
Steps:
  1. Ensure AWS provider is added: monk cluster provider add -p aws
  2. monk update <namespace>/<name>

Obtaining AWS Credentials

AWS RDS uses your AWS account credentials. You’ll need AWS access keys with appropriate permissions.

What You’ll Need

  • AWS Access Key ID
  • AWS Secret Access Key
  • Optional: Default region (e.g., us-east-1)

Step-by-Step

  1. Log into AWS Console at https://console.aws.amazon.com
  2. Navigate to IAMUsers
  3. Select your IAM user or Create user for Monk
  4. Go to Security credentials tab
  5. Click Create access key
  6. Choose use case: “Third-party service”
  7. Click NextCreate access key
  8. Copy Access Key ID and Secret Access Key
  9. Save them securely - secret key shown only once

Required IAM Permissions

Attach these AWS managed policies to the user:
  • AmazonRDSFullAccess - For RDS management
  • AmazonEC2FullAccess - For VPC and security groups
  • IAMReadOnlyAccess - For verification
Or create a custom policy with: RDS, EC2 (VPC, security groups), and IAM read access.

Providing to Monk

When deploying with AWS RDS, ask Monk: 
deploy to AWS with RDS for PostgreSQL

use AWS RDS MySQL database
Monk will request AWS credentials if not already configured.

Security Best Practices

Use IAM user for Monk - Not your personal admin account ✅ Enable MFA on the account managing the IAM user ✅ Rotate keys every 90 daysMonitor with CloudTrail - Track API usage ✅ Use minimal permissions - Only grant what Monk needs

Auth

  • Uses AWS provider credentials (Access Key ID and Secret Access Key)

Getting Started

  1. Provide AWS credentials to Monk when deploying:
deploy with AWS RDS

CLI Reference (Advanced)

For manual provider configuration: 
monk cluster provider add -p aws
  1. Define an RDS instance (save as rds.yaml):
namespace: my-app

my-mysql-db:
  defines: aws-rds/rds-instance
  region: us-east-1
  db_instance_identifier: my-mysql-instance
  db_instance_class: db.t3.micro
  engine: mysql
  master_username: admin
  password_secret_ref: my-mysql-db-password
  1. Create/update:
monk update my-app/my-mysql-db
monk describe my-app/my-mysql-db

Backup & Snapshot Actions

ActionDescription
get-backup-infoView backup retention, window, and automated backup status
create-snapshotCreate an on-demand manual snapshot
list-snapshotsList available snapshots (manual and automated)
describe-snapshotGet detailed information about a specific snapshot
delete-snapshotDelete a manual snapshot
restoreRestore to a new RDS instance from a snapshot
get-restore-statusCheck status of a restored instance
# View backup configuration
monk do my-app/my-mysql-db/get-backup-info

# Create a snapshot before maintenance
monk do my-app/my-mysql-db/create-snapshot snapshot_id="pre-upgrade"

# List available snapshots
monk do my-app/my-mysql-db/list-snapshots

# Restore to a new instance
monk do my-app/my-mysql-db/restore snapshot_id="pre-upgrade" target_id="restored-db"

# Check status of restored instance
monk do my-app/my-mysql-db/get-restore-status instance_id="restored-db"