postgresql.conf file for native instances, or through the configuration UI for hosted environments such as AWS Aurora or RDS.The PostgreSQL agent requires a database user with specific minimum privileges to perform comprehensive monitoring of the PostgreSQL environment.
Create a dedicated user
Create the user using an existing superuser account or a utility of your choice. The new user must have access to all databases you intend to monitor.
Network and Access Configuration
Ensure that any firewalls and the pg_hba.conf file allow connections for this user from the Foglight Agent Manager (FglAM) host(s).
Agent Query Scope
The agent only queries system tables, views, and uses a few system functions to collect operational data, so the permissions can be limited accordingly.
| PostgreSQL Version | Required Privileges |
|---|---|
| PostgreSQL 10+ | PG_MONITOR, PG_READ_ALL_SETTINGS, PG_READ_ALL_STATS, PG_STAT_SCAN_TABLES |
| Below 10 | LOGIN, CONNECT on all databases, SELECT on all databases |
SUPERUSER privilege is required only for utilizing administrative functions via the Foglight console. These functions are restricted to Foglight users assigned the PostgreSQL Administrator role.
CREATE USER user1 WITH PASSWORD 'password1' LOGIN SUPERUSER;
Additional Notes
For hosted instances like AWS Aurora or RDS, enable the necessary server features through the vendor’s management interface.
Always follow security best practices when assigning privileges and managing database users.