I am trying to configure the AWS RDS metric using metricbeat mysql module. I have enabled the require_secure_transport ON for aws rds parametergroup Below is the mysql.yml (/etc/metricbeat/modules.d/mysql.yml)
- module: mysql metricsets: status period: 10s hosts: ["tcp(my_rds_endpoint:3306)/"] username: my_username password: my_password
ERROR: {"log.level":"error","@timestamp":"2023-12-28T10:58:23.514Z", "log.origin":{"file.name":"module/wrapper.go","file.line":256},"message":"Error fetching data for metricset mysql.status:Error 3159: Connections using insecure transport are prohibited while --require_secure_transport=ON.","service.name":"metricbeat","ecs.version":"1.6.0"}
I tried adding below parameters but still same issue.
- module: mysql
metricsets:
status
period: 10s
hosts: ["tcp(my_rds_endpoint:3306)/"]
username: my_username
password: my_password
ssl.enabled: true
ssl.verification_mode: full
ssl.certificate_authorities: ["/opt/ssl/global-bundle.pem"]
logging.level: debug
Note: When i turned of require_secure_transport OFF metricbeat mysql module is working fine only issue with ssl, Can anyone please help on this.
It looks like you are using the wrong CA Bundle You have to use a valid CA Bundle for RDS on your client side.
Check this doc: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html
Section Viewing the CA for your database and verify which CA bundle is used by your RDS database.
From Section Certificate bundles for specific AWS Regions download the one corresponding to your RDS database Region.
Use the downloaded bundle in your client settings.