Dash conference! July 11-12, NYC

Monitor Aurora using Datadog

/ / / / / /
Published: November 19, 2015

This post is part 3 of a 3-part series on how to monitor Aurora. Part 1 explores the key metrics available for Aurora, and Part 2 explains how to collect those metrics.

If you’ve already read our post on collecting metrics from Amazon Aurora, you’ve seen that you can easily collect metrics from Amazon’s CloudWatch monitoring service and from the database engine itself for ad hoc performance checks. For a more comprehensive view of your database’s health and performance, however, you need a monitoring system that can integrate and correlate CloudWatch metrics with database engine metrics, that lets you identify both recent and long-term trends in your metrics, and that can help you identify and investigate performance problems. This post will show you how to connect Aurora to Datadog for monitoring in two steps:

For an even more expansive view of your database instances, you can enable the new RDS enhanced monitoring feature, which provides more than 50 system-level metrics at a frequency as high as once per second. Those metrics can be ingested into Datadog for monitoring in just minutes:

Connect Datadog to CloudWatch

To start monitoring metrics from Amazon’s Relational Database Service (RDS), you just need to configure our CloudWatch integration. Create a new user via the IAM console in AWS and grant that user (or group of users) read-only permissions to these three services, at a minimum:

You can attach managed policies for each service by clicking on the name of your user in the IAM console and selecting “Permissions,” or by using the Amazon API.

Once these settings are configured within AWS, create access keys for your read-only user and enter those credentials in the AWS integration tile on Datadog to start pulling RDS data.

Note that if you are using ELB, ElastiCache, SNS, or other AWS products in addition to RDS, you may need to grant additional permissions to the user. See here for the complete list of permissions required to take full advantage of the Datadog–AWS integration.

Integrate Datadog with Aurora’s database engine

As explained in Part 1, CloudWatch provides you with several high-level metrics that apply to any of the supported RDS database engines, plus several valuable Aurora-only metrics. To access the hundreds of metrics exposed by the MySQL-compatible database engine, however, you must monitor the database instance itself.

Installing the Datadog Agent on EC2

Datadog’s Agent integrates seamlessly with MySQL and compatible technologies (including Aurora) to gather and report key performance metrics, many of which are not available through RDS. Where the same metrics are available through the Agent and through basic CloudWatch metrics, Agent metrics should be preferred, as they are reported at a higher resolution. Installing the Agent is easy: it usually requires just a single command, and the Agent can collect detailed metrics even if the performance schema is not enabled and the sys schema is not installed. Installation instructions for different operating systems are available here.

Because RDS does not provide you direct access to the machines running Aurora, you cannot install the Agent on the database instance to collect metrics locally. Instead you must run the Agent on another machine, often an EC2 instance in the same security group. See Part 2 of this series for more on accessing Aurora via EC2.

Configuring the Agent for RDS

Collecting Aurora metrics from an EC2 instance is quite similar to running the Agent on a MySQL host to collect metrics locally, with two small exceptions:

The Aurora instance endpoint and DB instance identifier are both available from the AWS console. Complete instructions for configuring the Agent to capture MySQL or Aurora metrics from RDS are available here.

Unifying your metrics

Once you have set up the Agent, all the metrics from your database instance will be uniformly tagged with dbinstanceidentifier:instance_name for easy retrieval, whether those metrics come from RDS or from the database engine itself.

View your comprehensive Aurora dashboard

Once you have integrated Datadog with RDS, a comprehensive dashboard called “Amazon - RDS (Aurora)” will appear in your list of integration dashboards. The dashboard gathers the metrics highlighted in Part 1 of this series: metrics on query throughput and performance, along with key metrics around resource utilization, database connections, and replication lag.

Out of the box, the dashboard displays database engine metrics from all instances configured via the MySQL integration, as well as RDS metrics from all instances running Aurora. You can focus on one particular instance by selecting a particular dbinstanceidentifier in the upper left.

Customize your dashboard

The Datadog Agent can also collect metrics from the rest of your infrastructure so that you can correlate your entire system’s performance with metrics from Aurora. The Agent collects metrics from ELB, NGINX, Redis, and 120+ other infrastructural applications. You can also easily instrument your own application code to report custom metrics to Datadog using StatsD.

To add more metrics from Aurora or other systems to your RDS dashboard, clone the template dash by clicking on the gear in the upper right.

Monitor RDS enhanced metrics with Datadog

AWS recently announced enhanced monitoring for RDS instances running MySQL, MariaDB, and Aurora. Enhanced monitoring includes more than 50 new CPU, memory, file system, and disk I/O metrics that can be collected on a per-instance basis as frequently as once per second.

AWS has worked with Datadog to help customers monitor this new, high-resolution data. With a few minutes of work your enhanced RDS metrics will immediately begin populating a pre-built, customizable dashboard in Datadog.

Pre-built Datadog RDS dashboard with enhanced metrics

Connect RDS to Datadog

When you enable enhanced RDS metrics, the metrics will be written to CloudWatch Logs. You will then use a Lambda function to process those metrics and send them to Datadog. Enhanced metrics can be collected even if you do not use the Datadog Agent to monitor your RDS instances.

Enable enhanced metrics reporting to CloudWatch logs

You can enable enhanced RDS metrics during instance creation, or on an existing RDS instance by selecting it in the RDS Console and then choosing Instance Options → Modify:

UI for enabling enhanced RDS monitoring

Set “Granularity” to 1–60 seconds; every 15 seconds is often a good choice. These metrics will be sent to CloudWatch logs.

Send CloudWatch log data to Datadog

Next you can use a ready-made Lambda function to process the logs and send the metrics to Datadog.

  1. Navigate to the Encryption Keys tab on the IAM Management Console and then create a new encryption key. Enter an Alias for the key like lambda-datadog-key. On the next page, add the appropriate administrators and users for the key, ensuring that you yourself are added at least as a user. Finish creating the key.

  2. Encrypt the key using the AWS CLI, providing the Alias of your just-created key (e.g. lambda-datadog-key) as well as your Datadog keys, available here:

        $ aws kms encrypt --key-id alias/<Alias key name> --plaintext '{"api_key":"<datadog_api_key>", "app_key":"<datadog_app_key>"}'
    You’ll need the output of this command in the next steps.

  3. Create a role for your Lambda function. Name it something like lambda-datadog-enhanced-rds-collector and select “AWS Lambda” as the role type.

    Cloudwatch role type selector

  4. Create your own policy for the role and name it something like lambda-datadog-policy. For Policy Document, enter the following but with <encryption_key_arn> replaced with the ARN of your previously created Encryption Key:

      "Version": "2012-10-17",
      "Statement": [
              "Effect": "Allow",
              "Action": [
              "Resource": [
    And then finish creating your role.

  5. From the Lambda Management Console, create a new Lambda Function. Filter blueprints by “datadog”, and select the “datadog-process-rds-metrics” blueprint.

  6. Choose RDSOSMetrics from the Log Group dropdown, enter anything as a Filter Name, and click Next. Note that you must have enabled enhanced metrics before RDSOSMetrics will appear as an option.

    Specify the RDSISMetrics Log Group

  7. Give your function a name like send-enhanced-rds-to-datadog. Replace the value for the kmsEncryptedKeys environment variable with the ciphertext blob part of the CLI command output above.

    Configure Datadog Lamda blueprint

  8. Under “Lambda function handler and role”, choose the role you created earlier, e.g. lambda-datadog-enhanced-rds-collector. Go to the next page, select the Enable Now radio button, and create your function.

Customize your enhanced metrics dashboard

Once you have enabled “RDS” in Datadog’s AWS integration tile, Datadog will immediately begin displaying your enhanced RDS metrics. You can clone the pre-built dashboard for enhanced metrics and customize it however you want: add MySQL-specific metrics that are not displayed by default, or start correlating database metrics with the performance of the rest of your stack.


In this post we’ve walked you through integrating Aurora with Datadog so you can access all your database metrics in one place, whether standard metrics from MySQL and CloudWatch or enhanced metrics from RDS.

When you monitor Aurora with Datadog, you get critical visibility into what’s happening with your database and the applications that depend on it. You can easily create automated alerts on any metric, with triggers tailored precisely to your infrastructure and your usage patterns.

If you don’t yet have a Datadog account, you can sign up for a and start monitoring your cloud infrastructure, your applications, and your services today.

Source Markdown for this post is available on GitHub. Questions, corrections, additions, etc.? Please let us know.

Want to write articles like this one? Our team is hiring!