Skip to main content

Documentation Index

Fetch the complete documentation index at: https://opensre.com/docs/llms.txt

Use this file to discover all available pages before exploring further.

OpenSRE uses AWS RDS to investigate database instance health and surface recent operational events — failovers, maintenance windows, parameter changes, and backup activity — when an alert fires against a managed RDS database. All RDS API calls are read-only and routed through the shared aws_sdk_client allowlist, so the integration cannot mutate your RDS resources.

Prerequisites

  • AWS credentials configured per the AWS integration (role ARN recommended)
  • An RDS DB instance you want OpenSRE to investigate
  • IAM permissions for the two RDS describe actions listed below

Setup

Environment variables

RDS_DB_INSTANCE_IDENTIFIER=prod-orders-db
AWS_REGION=us-east-1
VariableDefaultDescription
RDS_DB_INSTANCE_IDENTIFIERRequired. The DB instance identifier OpenSRE should investigate.
AWS_REGIONus-east-1AWS region the instance lives in. Used by both the integration config and per-tool param extraction.
RDS_REGIONus-east-1Fallback used only when AWS_REGION is not set.
Region resolution order (highest priority first):
  1. region field on the source dict (when configured via the integrations store)
  2. AWS_REGION environment variable
  3. RDS_REGION environment variable
  4. us-east-1 (default)

IAM permissions

The integration only needs two read-only RDS actions: 
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "rds:DescribeDBInstances",
        "rds:DescribeEvents"
      ],
      "Resource": "*"
    }
  ]
}
Attach this policy to the same IAM role or user already configured for the AWS integration. If you are already using the AWS managed ReadOnlyAccess policy, both actions are already covered.

Tools

ToolAWS API callWhat it returns
describe_rds_instancerds:DescribeDBInstancesInstance status, engine + version, instance class, Multi-AZ flag, endpoint address/port, storage type and size, availability zone, and backup window.
describe_rds_eventsrds:DescribeEventsRecent events for the DB instance — failovers, maintenance, parameter group changes, and backup activity. Defaults to the last 60 minutes; bounded to 20160 minutes (14 days, the AWS limit).
Both tools become available to the planner whenever rds.db_instance_identifier is present in the resolved sources.

Use cases

  • Verifying RDS instance status (available, modifying, failed) when an alert fires
  • Detecting Multi-AZ failover events around an incident timestamp
  • Tracing recent maintenance, parameter group changes, or backup activity that may correlate with the incident

Troubleshooting

SymptomFix
AccessDenied on rds:DescribeDBInstancesAdd the IAM policy above to the role or user used by the AWS integration.
DBInstanceNotFoundConfirm RDS_DB_INSTANCE_IDENTIFIER matches an instance in AWS_REGION.
Tool reports the wrong regionEither AWS_REGION is set to a different region, or the source dict has a stale region field. Check the resolution order above.