Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.monk.io/llms.txt

Use this file to discover all available pages before exploring further.

What is this integration?

Amazon RDS makes it easy to set up, operate, and scale relational databases in the cloud.

What Monk manages

  • DB instance, subnet group, security group

What the Agent can do and how to use it

  • Database Creation: Provision MySQL, PostgreSQL, MariaDB, Oracle, and SQL Server instances
  • Backup & Recovery: Configure automated backups, point-in-time recovery, and manual snapshots
  • Scaling: Modify instance types, storage, and enable read replicas for scaling
  • High Availability: Set up Multi-AZ deployments for automatic failover
  • Security: Configure VPC isolation, security groups, and encryption at rest
  • Maintenance: Schedule and manage automated maintenance windows
  • Monitoring: Enable Enhanced Monitoring and Performance Insights
  • Parameter Groups: Customize database engine parameters and configurations
Steps:
  1. Ensure AWS provider is added: monk cluster provider add -p aws
  2. monk update <namespace>/<name>

Obtaining AWS Credentials

AWS RDS uses your AWS account credentials. You’ll need AWS access keys with appropriate permissions.

What You’ll Need

  • AWS Access Key ID
  • AWS Secret Access Key
  • Optional: Default region (e.g., us-east-1)

Step-by-Step

  1. Log into AWS Console at https://console.aws.amazon.com
  2. Navigate to IAMUsers
  3. Select your IAM user or Create user for Monk
  4. Go to Security credentials tab
  5. Click Create access key
  6. Choose use case: “Third-party service”
  7. Click NextCreate access key
  8. Copy Access Key ID and Secret Access Key
  9. Save them securely - secret key shown only once

Required IAM Permissions

Attach these AWS managed policies to the user:
  • AmazonRDSFullAccess - For RDS management
  • AmazonEC2FullAccess - For VPC and security groups
  • IAMReadOnlyAccess - For verification
Or create a custom policy with: RDS, EC2 (VPC, security groups), and IAM read access.

Providing to Monk

When deploying with AWS RDS, ask Monk: 
deploy to AWS with RDS for PostgreSQL

use AWS RDS MySQL database
Monk will request AWS credentials if not already configured.

Security Best Practices

Use IAM user for Monk - Not your personal admin account ✅ Enable MFA on the account managing the IAM user ✅ Rotate keys every 90 daysMonitor with CloudTrail - Track API usage ✅ Use minimal permissions - Only grant what Monk needs

Auth

  • Uses AWS provider credentials (Access Key ID and Secret Access Key)

Getting Started

  1. Provide AWS credentials to Monk when deploying:
deploy with AWS RDS

CLI Reference (Advanced)

For manual provider configuration: 
monk cluster provider add -p aws
  1. Define an RDS instance (save as rds.yaml):
namespace: my-app

my-mysql-db:
  defines: aws-rds/rds-instance
  region: us-east-1
  db_instance_identifier: my-mysql-instance
  db_instance_class: db.t3.micro
  engine: mysql
  master_username: admin
  password_secret_ref: my-mysql-db-password
  1. Create/update:
monk update my-app/my-mysql-db
monk describe my-app/my-mysql-db

Backup & Snapshot Actions

ActionDescription
get-backup-infoView backup retention, window, and automated backup status
create-snapshotCreate an on-demand manual snapshot
list-snapshotsList available snapshots (manual and automated)
describe-snapshotGet detailed information about a specific snapshot
delete-snapshotDelete a manual snapshot
restoreRestore to a new RDS instance from a snapshot
get-restore-statusCheck status of a restored instance
# View backup configuration
monk do my-app/my-mysql-db/get-backup-info

# Create a snapshot before maintenance
monk do my-app/my-mysql-db/create-snapshot snapshot_id="pre-upgrade"

# List available snapshots
monk do my-app/my-mysql-db/list-snapshots

# Restore to a new instance
monk do my-app/my-mysql-db/restore snapshot_id="pre-upgrade" target_id="restored-db"

# Check status of restored instance
monk do my-app/my-mysql-db/get-restore-status instance_id="restored-db"