> ## Documentation Index
> Fetch the complete documentation index at: https://docs.monk.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Amazon RDS

> Managed relational databases (MySQL, Postgres, and more).

## What is this integration?

Amazon RDS makes it easy to set up, operate, and scale relational databases in the cloud.

## What Monk manages

* DB instance, subnet group, security group

## What the Agent can do and how to use it

* **Database Creation**: Provision MySQL, PostgreSQL, MariaDB, Oracle, and SQL Server instances
* **Backup & Recovery**: Configure automated backups, point-in-time recovery, and manual snapshots
* **Scaling**: Modify instance types, storage, and enable read replicas for scaling
* **High Availability**: Set up Multi-AZ deployments for automatic failover
* **Security**: Configure VPC isolation, security groups, and encryption at rest
* **Maintenance**: Schedule and manage automated maintenance windows
* **Monitoring**: Enable Enhanced Monitoring and Performance Insights
* **Parameter Groups**: Customize database engine parameters and configurations

Steps:

1. Ensure AWS provider is added: monk cluster provider add -p aws
2. monk update \<namespace>/\<name>

## Obtaining AWS Credentials

AWS RDS uses your AWS account credentials. You'll need AWS access keys with appropriate permissions.

### What You'll Need

* **AWS Access Key ID**
* **AWS Secret Access Key**
* **Optional:** Default region (e.g., `us-east-1`)

### Step-by-Step

1. **Log into AWS Console** at [https://console.aws.amazon.com](https://console.aws.amazon.com)
2. Navigate to **IAM** → **Users**
3. Select your IAM user or **Create user** for Monk
4. Go to **Security credentials** tab
5. Click **Create access key**
6. Choose use case: **"Third-party service"**
7. Click **Next** → **Create access key**
8. **Copy Access Key ID** and **Secret Access Key**
9. Save them securely - secret key shown only once

### Required IAM Permissions

Attach these AWS managed policies to the user:

* `AmazonRDSFullAccess` - For RDS management
* `AmazonEC2FullAccess` - For VPC and security groups
* `IAMReadOnlyAccess` - For verification

Or create a custom policy with: RDS, EC2 (VPC, security groups), and IAM read access.

### Providing to Monk

When deploying with AWS RDS, ask Monk:

```
deploy to AWS with RDS for PostgreSQL
```

```
use AWS RDS MySQL database
```

Monk will request AWS credentials if not already configured.

### Security Best Practices

✅ **Use IAM user for Monk** - Not your personal admin account
✅ **Enable MFA** on the account managing the IAM user
✅ **Rotate keys every 90 days**
✅ **Monitor with CloudTrail** - Track API usage
✅ **Use minimal permissions** - Only grant what Monk needs

## Auth

* Uses AWS provider credentials (Access Key ID and Secret Access Key)

## Getting Started

1. Provide AWS credentials to Monk when deploying:

```
deploy with AWS RDS
```

### CLI Reference (Advanced)

For manual provider configuration:

```bash theme={null}
monk cluster provider add -p aws
```

2. Define an RDS instance (save as rds.yaml):

```yaml theme={null}
namespace: my-app

my-mysql-db:
  defines: aws-rds/rds-instance
  region: us-east-1
  db_instance_identifier: my-mysql-instance
  db_instance_class: db.t3.micro
  engine: mysql
  master_username: admin
  password_secret_ref: my-mysql-db-password
```

3. Create/update:

```bash theme={null}
monk update my-app/my-mysql-db
monk describe my-app/my-mysql-db
```

## Backup & Snapshot Actions

| Action               | Description                                                |
| -------------------- | ---------------------------------------------------------- |
| `get-backup-info`    | View backup retention, window, and automated backup status |
| `create-snapshot`    | Create an on-demand manual snapshot                        |
| `list-snapshots`     | List available snapshots (manual and automated)            |
| `describe-snapshot`  | Get detailed information about a specific snapshot         |
| `delete-snapshot`    | Delete a manual snapshot                                   |
| `restore`            | Restore to a new RDS instance from a snapshot              |
| `get-restore-status` | Check status of a restored instance                        |

```bash theme={null}
# View backup configuration
monk do my-app/my-mysql-db/get-backup-info

# Create a snapshot before maintenance
monk do my-app/my-mysql-db/create-snapshot snapshot_id="pre-upgrade"

# List available snapshots
monk do my-app/my-mysql-db/list-snapshots

# Restore to a new instance
monk do my-app/my-mysql-db/restore snapshot_id="pre-upgrade" target_id="restored-db"

# Check status of restored instance
monk do my-app/my-mysql-db/get-restore-status instance_id="restored-db"
```