Analyze Amazon RDS for PostgreSQL and Amazon Aurora PostgreSQL logs using centralized logging with Amazon OpenSearch Service

September 8, 2021: Amazon Elasticsearch Service has been renamed to Amazon OpenSearch Service. See details.

As organizations grow their database footprint across multiple AWS accounts, maintaining visibility into database operations becomes increasingly challenging. This post demonstrates how to implement a centralized logging solution using Amazon OpenSearch Service for your Amazon Relational Database Service (Amazon RDS) databases.

Benefits of centralized logging with OpenSearch Service for Amazon RDS

Managing logs across multiple AWS accounts and database instances can be cumbersome when relying solely on Amazon CloudWatch Logs. A centralized logging solution with OpenSearch Service offers several advantages:

• Single pane of glass visibility – Consolidate logs from multiple RDS instances and AWS accounts into a single OpenSearch domain, creating a single source of truth for all database activity.
• Unified search and analysis – Use advanced querying and visualization tools to perform cross-account and cross-Region log analysis, streamlining troubleshooting and reducing time spent navigating multiple CloudWatch consoles.
• Simplified operational management – Manage logs, alerts, and dashboards from a centralized interface. Alleviate siloed monitoring by replacing fragmented CloudWatch access with a unified workflow.
• Consistent monitoring and alerting – Apply standardized alerting policies and real-time dashboards across all environments, providing uniform oversight of performance, errors, and security events.
• Cross-account and cross-Region scalability – Monitor hybrid or multi-account AWS architectures without manual log aggregation. Track global deployments seamlessly, regardless of AWS Region or account boundaries.

This integration of features and benefits provides efficient log management, reduces operational overhead, and enhances visibility for large-scale Amazon RDS deployments.

Solution overview

The following are the high-level steps:

1. Configure an OpenSearch Service domain.
2. Deploy centralized logging with OpenSearch Service.
3. Import an OpenSearch Service domain.
4. Collect Amazon RDS logs.
5. Explore the dashboards.

Configure an OpenSearch Service domain

To create a new OpenSearch Service domain, see Creating and managing Amazon OpenSearch Service domains. The key steps are as follows:

1. On the OpenSearch Service console, choose Domains in the navigation pane.
2. Choose Create domain.
3. Select your deployment type (Production or Development).
4. Configure a domain name and version.
5. Configure the instance type and storage.
6. Set up network access and fine-grained access control.
7. Review and create the domain.

Note the name and domain endpoint URL from the domain overview page to use in later steps.

Deploy centralized logging with OpenSearch Service

To deploy centralized logging with OpenSearch Service, refer to Build your own centralized log analytics platform with Amazon OpenSearch Service in 20 minutes and Amazon RDS/Aurora logs.

Import an OpenSearch Service domain

Complete the following steps to import an OpenSearch Service domain through centralized logging:

1. Log in to the Centralized Logging with OpenSearch console.
2. Choose Import OpenSearch domain under Clusters in the navigation pane.
   
3. Choose the OpenSearch Service domain you created earlier (rdslogging), then choose Next.
   
4. In the Configure network section, keep the default values and choose Next.
5. Import the domain.

On the Domains page, you can see that the OpenSearch Service domain has been successfully imported. Choose View domain and note down the OpenSearch Dashboards link.

Collect Amazon RDS logs

Complete the following steps to create a log collection:

1. Log in to the Centralized Logging with OpenSearch console.
2. Under Log analytics pipelines in the navigation pane, choose AWS service log.
3. Choose Create a pipeline.
4. Select Amazon RDS for AWS services.
5. Keep the default settings and choose Next.
   
6. Keep the default selections of Automatic and Current account, and for Database identifier, choose the RDS instance.
7. Choose Next.
   
   If you’re ingesting Amazon RDS or Amazon Aurora logs from another account, choose Member account for AWS account. Follow the member account steps to add an account.Centralized Logging with OpenSearch supports ingesting AWS service logs and application logs from a different AWS account in the same AWS Region. For more information, see Cross-account ingestion.
8.  For OpenSearch domain, choose the OpenSearch Service domain that you imported earlier (rdslogging) and leave the rest of the settings as default, then choose Next.
   
9. In the Log processor settings section, choose Next while keeping the default values.
10. In the Alarms and tags section, choose Create while keeping the default values.

Explore the dashboards

Complete the following steps to explore the dashboards:

1. Open a web browser and connect to the OpenSearch Dashboards link.
2. When OpenSearch Dashboards opens, enter the credentials for OpenSearch Service that you used earlier.
   
3. Select your tenant, select Global, and choose Confirm.
4. On the OpenSearch Dashboards page, choose Dashboards in the center of the page.
   The RDS dashboards you created from the Amazon RDS logs look like the following screenshot.
   
5. Choose the rdspostgres dashboard and navigate through it.
   

Clean up

To clean up Centralized Logging with OpenSearch, see Uninstall the solution.

You will encounter an “IAM role missing” error if you delete the Centralized Logging with OpenSearch main stack before you delete the log pipelines. The Centralized Logging with OpenSearch console launches additional AWS CloudFormation stacks to ingest logs. If you want to uninstall the Centralized Logging with OpenSearch solution, we recommend deleting the log pipelines (including AWS service log pipelines and application log pipelines) before uninstalling the solution. Complete the following steps:

1. Delete the application log pipelines.
2. Delete the AWS service log pipelines.
3. Clean up the imported OpenSearch Service domains.
4. Delete the Centralized Logging with OpenSearch stack.
5. Delete the OpenSearch Service domain:
   1. On the OpenSearch Service console, choose Domains.
   2. Choose the domain you want to delete.
   3. Choose Delete.
   4. In the confirmation box, enter the domain name to confirm and choose Delete.

Conclusion

Implementing centralized logging with OpenSearch Service provides a scalable and efficient way to manage logs across your RDS database fleet. This solution enables better operational visibility, simplified management, and improved troubleshooting capabilities across your entire database infrastructure. This centralized logging approach helps organizations maintain better control and visibility over their database operations while simplifying the management overhead of handling logs across multiple accounts and Regions.

Try out this solution for your own use case, and share your feedback in the comments.

About the authors

Marcel George is a Consultant with Amazon Web Services. He works with customers to build scalable, highly available, and secure solutions in the AWS Cloud. His focus area is homogenous and heterogeneous migrations of on-premise databases to Amazon RDS and Amazon Aurora PostgreSQL.

Arjun Dooti is a Solutions Architect at AWS. He focuses on data lakes, data warehousing, and databases. His expertise lies in designing scalable, efficient solutions to address complex data challenges. Passionate about modernizing data architectures, he helps businesses leverage the cloud to make data-driven decisions and achieve their goals.

Audit History

Last reviewed and updated in April 2025 by Arjun Dooti | Sr. Solutions Architect