- Newest
- Most votes
- Most comments
For those who come across in the future --identifier is NOT DBInstanceIdentifier in this case, it is the DbiResourceId . You can get it from
aws rds describe-db-instances --db-instance-identifier <DB-Instance-Identifier> --query 'DBInstances[*].DbiResourceId'
We are having the same issue. The awscli on our local machines is giving "Access denied", and when using the same user in CloudShell is working as expected.
Thanks, it looks like in my case it is something else, just tried in CloudShell and same error
Just checking when specifiying the identifier, you are specifying the ResourceID of the RDS Instance? eg db-ABCDEFGHIJKLMNOPQRSTU1VW2X
Yes it is DB instance ID which is present inside under configration tab as well
As per the AWS documenation for retrieving metrics with the Performance Insights API, we need to use the resource ID
for the DB instance which will be in the format of db-ID
.
The following example shows how to gather the same data that the AWS Management Console uses to generate the two counter metric charts.
aws pi get-resource-metrics ^
--service-type RDS ^
--identifier db-ID ^
--start-time 2018-10-30T00:00:00Z ^
--end-time 2018-10-30T01:00:00Z ^
--period-in-seconds 60 ^
--metric-queries '[{"Metric": "os.cpuUtilization.user.avg" },
{"Metric": "os.cpuUtilization.idle.avg"}]'
Kindly update the identifier value with the resource ID of the DB instance. It will be available in the configuration section of the RDS instance.
Thanks but same issue
If you are running the CLi from your machine and you are using IAM Access keys, ensure the keys are for the correct account.
Thanks for trying to help but they are already correct. As I mentioned that I am connected with the same account which I am using for my GUI
Thanks for confirming
If you are able to access the RDS instance metrics using the AWS console but encountering the "NotAuthorizedException" error when using the AWS CLI, there could be a few possible reasons for this discrepancy. Here are some troubleshooting steps you can try:
- Verify AWS CLI configuration: Double-check that the AWS CLI is configured with the correct credentials. Run the following command to verify your AWS CLI configuration: aws configure
Ensure that the AWS Access Key ID and AWS Secret Access Key provided during the configuration process match the credentials associated with the AWS account that has access to the RDS instance.
Check AWS CLI permissions: Confirm that the IAM user or role associated with the AWS CLI has the necessary permissions to access RDS metrics. Review the IAM policies attached to the IAM user or role and ensure that they include the required permissions for the "rds:GetResourceMetrics" action.
Verify the AWS CLI region: Ensure that the AWS CLI is set to the correct region by running the following command:
aws configure get region
Compare the region returned by this command with the region where your RDS instance is deployed. If they do not match, you can update the region by running aws configure and providing the correct region.
Update AWS CLI version: Check if you have the latest version of the AWS CLI installed. Outdated versions may have compatibility issues or bugs that can cause unexpected errors. Updating the AWS CLI to the latest version can help resolve such issues.
Confirm AWS CLI profile: If you have multiple AWS profiles configured on your system, make sure you are using the correct profile with the AWS CLI. You can specify the profile using the --profile flag in your AWS CLI commands. For example:
aws rds get-resource-metrics --profile your_profile_name
Replace your_profile_name with the name of the profile that has the necessary permissions to access RDS metrics.
Check for any AWS CLI plugins or custom configurations: If you have any AWS CLI plugins or custom configurations that may interfere with the RDS API calls, consider disabling them temporarily to see if it resolves the issue.
As far as user is concerned, it is the correct one which I am using. I tried in cloudshell as well and it is same error. I think error is not due to user, but somehow from the RDS, which says that database instance (not user) for service type RDS is not authorized for this
I have gone through a number of resources and found this help! This might not be the exact answer but it is the alternative way of doing it
The command which could get Performance insights metrics can be get from cloudwatch Here is the command:
aws cloudwatch get-metric-statistics --region {your-region} \
--namespace AWS/RDS \
--metric-name DBLoad \
--period 60 \
--statistics Average \
--start-time 1689012463 \
--end-time 1689084823 \
--dimensions Name=DBInstanceIdentifier,Value={db-identifier}
Note: Here the db-identifier value will be without db
keyword
Relevant content
- asked a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated a year ago
Thank you, It Worked
this is the exact solution that worked for me! thank you :-)