Skip to main content

AWS RDS/Aurora: Quick Launch—Automated agent installation

The fastest way to get started is using our AWS Quick Launch with just one click on the Agent page. This CloudFormation template automatically deploys the DBtune agent on a lightweight EC2 instance in your AWS account to tune your existing RDS or Aurora for PostgreSQL database. It configures the necessary IAM roles, and installs the agent in about 3-5 minutes.

What Quick Launch template does
  1. Auto-creates IAM role with EC2 trust policy and required permissions.
  2. Provisions a lightweight EC2 instance (t3.nano by default).
  3. Installs and configures the DBtune agent as a systemd service.
  4. Sets up security groups automatically from the EC2 instance to:
    • Whitelist app.dbtune.com, and
    • Connect the agent to the RDS/Aurora PostgreSQL instance.
  5. Securely stores credentials in AWS secrets manager.
  6. Constructs database connection URL from individual components.
  7. Installs the DBtune agent as a service, connects to your database, and begins performance monitoring.
Prerequisites

  1. You must have an existing RDS or Aurora PostgreSQL database already running in AWS before using this template.

  2. Ensure you have AdministratorAccess or PowerUserAccess on your AWS account.

  3. The rds_superuser role is required to create an extension pg_stat_statements.

  4. Make sure that you have a custom parameter group attached to your RDS/Aurora instance. DBtune will modify the parameter group that is assigned to the instance during tuning. We advise a separate parameter group per database instance so as to not impact the server parameters on other database instances that are not the target for the tuning. You must manually update this setting by selecting modify your database instance in the AWS console when assigning a new parameter group.

    Create a new parameter group if one doesn't exist as mentioned here.

    Note:

    Attaching the custom parameter group requires a manual reboot of the database.

    Apply that parameter group to the database as mentioned here.

Steps to install DBtune agent using AWS Quick Launch

Step 1: Log in with your master user using psql.

psql "host=$RDSHOST port=5432 dbname=<your_db_name> user=<username> password=<your_master_password>"

Step 2: Create user dbtune_agent.

CREATE USER dbtune_agent WITH PASSWORD 'YourSecurePassword';

Step 3: Grant permissions.

GRANT pg_monitor TO dbtune_agent;

Step 4: Enable pg_stat_statements extension.

CREATE EXTENSION IF NOT EXISTS pg_stat_statements;

Step 5: Login to app.dbtune.com, add a database instance for AWS RDS/Aurora for PostgreSQL. You will be redirected to the Agent setup tab and you can select the AWS Quick Launch option, as illustrated below.

option to choose

Step 5: Launch AWS Quick Launch

Click on the “Launch CloudFormation” button to start the stack page.

Fill the parameters following the guidelines in the stack page and click Create stack to install the agent for your RDS/Aurora instance. For more details on networking, see Network guide section.

Note that this deployment incurs small AWS costs, typically a few dollars per month. Further details are available on the AWS pricing page to review costs for your specific setup.

Guidance on how to choose the subnet in the template

Option 1: If you have a public subnet

quicklaunch

What you need:

  1. VPC with public subnet.
  2. Internet gateway attached to VPC.
  3. Route table with 0.0.0.0/0 → Internet gateway.
  4. Security group allowing outbound traffic.

Traffic flow:

  1. EC2 → Internet: Via Internet gateway.
  2. EC2 → RDS: Intra-VPC routing.

Option 2: If you have a private subnet

quicklaunch

What you need:

  1. VPC with private subnet.
  2. NAT gateway in public subnet.
  3. Internet gateway attached to VPC.
  4. Route table with 0.0.0.0/0 → NAT gateway.

Traffic flow:

  1. EC2 → Internet: Via NAT gateway.
  2. EC2 → RDS: Intra-VPC routing.

Follow the guide to setup nat gateway.

If you have both public and private subnets, which option should you choose?

Use public subnet (option 1) if:

  1. Your security policies allow EC2 instances with public IPs.
  2. You can place the agent in a public subnet.

Use private subnet (option 2) if:

  1. Security policies require EC2 instance in private subnets.
  2. Compliance requirements mandate no public IPs.

Regardless of which option you choose, the CloudFormation template will automatically set up the following Security group rules from the EC2 instance:

  1. Outbound:

    • Port 443 (HTTPS) to 0.0.0.0/0 for whitelisting app.dbtune.com.
    • Port 5432 (PostgreSQL) to RDS/Aurora security group for database connection.

  2. Inbound:

    • Port 5432 (PostgreSQL) to allow the agent to connect to database.
Cleanup

To remove all resources created by this template:

  1. Go to: CloudFormation Console → Stacks.
  2. Select your stack.
  3. Click Delete.
  4. Wait for deletion to complete (~2-3 minutes).

This will remove:

  1. EC2 instance.
  2. Security group and rules.
  3. IAM managed policy.
  4. Secrets manager secret.
  5. CloudWatch log group (if enabled).
Note:

 The IAM role you created manually will not be deleted. You can delete it manually from IAM Console if no longer needed.

Last updated on