RDS discovery across multiple AWS accounts

Description

Our documentation of using IAM roles mentions:

It’s also possible to create an IAM role to delegate permissions to an IAM user or to add permissions to a user belonging to another AWS account.

Ideally, the documentation could be extended by a description of how to apply the IAM role to the PMM server EC2 instance, which allows it to auto-discover RDS instances from multiple accounts.

How to test

None

How to document

None

AFFECTED CS IDs

CS0038763

Activity

János Ruszó December 14, 2023 at 9:02 AM

Hello

We have a similar issue... the PMM Server already has an IAM role and is able to assume the role on the other accounts; however, the PMM UI has no support for that, it only accepts an access/secret key on the UI.

Furthermore, adding an RDS server on another account without access/secret keys is impossible. Due to security reasons, we can only use IAM roles and assume roles, which seems to be supported by rds_exporter:
https://github.com/percona/rds_exporter with the aws_role_arn parameter; however, this option is available neither via the PMM API nor via the UI.

Are there any plans to implement discovery and adding RDS nodes using IAM/assume role directly without access keys?

Thank you!
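The role-assumption flow discussed in this ticket, as an added example (not code from PMM, rds_exporter or any commenter): the server's own role calls STS AssumeRole for a role in each target account and lists RDS instances with the temporary credentials, so no long-lived access keys are stored. The account IDs, role name and function names are constructed, and it assumes each target role trusts the PMM server's role and allows rds:DescribeDBInstances.

```python
# Added example: cross-account RDS discovery with STS AssumeRole.
# Constructed placeholders: the account IDs and role name are not from the ticket.
ROLE_ARNS = [
    "arn:aws:iam::111111111111:role/pmm-rds-discovery",
    "arn:aws:iam::222222222222:role/pmm-rds-discovery",
]
REGIONS = ["us-east-1"]


def boto3_rds_factory(creds, region):
    """Build an RDS client from the temporary credentials (requires boto3)."""
    import boto3  # lazy import: the module itself loads without boto3
    return boto3.client(
        "rds", region_name=region,
        aws_access_key_id=creds["AccessKeyId"],
        aws_secret_access_key=creds["SecretAccessKey"],
        aws_session_token=creds["SessionToken"],
    )


def list_instances(rds, role_arn, region):
    """Page through DescribeDBInstances and keep the fields a monitor needs."""
    rows = []
    for page in rds.get_paginator("describe_db_instances").paginate():
        for db in page["DBInstances"]:
            endpoint = db.get("Endpoint") or {}  # absent while an instance is creating
            rows.append({
                "role_arn": role_arn, "region": region,
                "instance": db["DBInstanceIdentifier"],
                "engine": db["Engine"],
                "address": endpoint.get("Address"),
            })
    return rows


def discover(role_arns, regions, sts, rds_factory=boto3_rds_factory):
    """Return (found, errors); a denied account is recorded, not fatal."""
    found, errors = [], []
    for arn in role_arns:
        try:
            creds = sts.assume_role(
                RoleArn=arn, RoleSessionName="pmm-rds-discovery",
                DurationSeconds=900,  # shortest session lifetime STS accepts
            )["Credentials"]
            for region in regions:
                found += list_instances(rds_factory(creds, region), arn, region)
        except Exception as exc:  # e.g. AccessDenied from trust or RDS policy
            errors.append((arn, str(exc)))
    return found, errors
```

On an instance with the role attached, call `discover(ROLE_ARNS, REGIONS, boto3.client("sts"))`; boto3 picks up the instance-profile credentials on its own.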

Details

Assignee

Reporter

Priority

Components

Needs QA

Yes

Needs Doc

Yes

Affects versions

Created August 23, 2023 at 2:15 PM
Updated March 5, 2024 at 10:11 PM
