# Monitor Cloud-Managed Instances
This guide focuses on **AWS RDS** as a representative example, but the same monitoring principles and configuration approach apply to other supported cloud-managed PostgreSQL services.
## Supported Monitoring Approach
AWS RDS PostgreSQL instances are monitored using the [**Agentless approach**](https://docs.datasentinel.io/manual/features/other-features/agentless-monitoring).
* Monitoring relies on direct database connections and cloud-native capabilities
AWS RDS PostgreSQL instances are declared in Datasentinel like any other PostgreSQL instance, using **agentless registration**.
During registration, you can:
* Specify the RDS endpoint and port
* Provide database credentials
* Associate tags for filtering, analysis, and access control
[**Tags**](https://docs.datasentinel.io/manual/how-to-guides/organize-content-using-tags) such as `environment`, `application`, or `provider=aws` are recommended.
## Read Replicas and High Availability
For RDS [**deployments with replicas**](https://docs.datasentinel.io/manual/how-to-guides/monitor-high-availability-clusters):
* Datasentinel automatically detects primary and read-only replicas
* Replica roles are identified dynamically
This allows you to analyze workload distribution and replication behavior across your RDS cluster.
## Viewing Replication Statistics
For RDS PostgreSQL replicas, Datasentinel collects replication-related metrics, including:
* **Replication delay**, showing how far replicas lag behind the primary
* **WAL delta size**, representing the volume of data remaining to be replicated
These metrics help assess replication health and detect lagging replicas that may impact read scalability or failover readiness.
## Consolidated Workload Analysis
Datasentinel provides consolidated views that allow you to analyze activity across multiple RDS instances or replicas.
Using dashboards and analysis modules, you can:
* View [**Top Queries**](https://docs.datasentinel.io/manual/features/key-features/top-queries) across all RDS instances of an application
* Analyze [**DB workloads**](https://docs.datasentinel.io/manual/features/key-features/session-history) between primary and replicas
* Identify read vs write traffic patterns
## Role-Based Access Control
Datasentinel’s [**role-based access control (RBAC)**](https://docs.datasentinel.io/manual/how-to-guides/manage-users-and-role-based-access) integrates seamlessly with AWS RDS monitoring.
By defining roles based on instance tags, administrators can:
* Restrict user access to specific RDS environments
* Grant application-level visibility across RDS instances
* Isolate production RDS clusters from non-production access
RBAC rules apply dynamically as new RDS instances are added or tags change.
## Limitations and Notes
* Operating system–level metrics are not available for RDS instances
These limitation is inherent to managed PostgreSQL services.
## Best Practices
* Use [**consistent tags**](https://docs.datasentinel.io/manual/how-to-guides/organize-content-using-tags) across all AWS RDS instances
* Combine instance-level and consolidated views
* Monitor replication lag regularly in read-heavy architectures
* Use [**RBAC**](https://docs.datasentinel.io/manual/how-to-guides/manage-users-and-role-based-access) to enforce least-privilege access
## Conclusion
Datasentinel enables secure, agentless monitoring of cloud managed PostgreSQL instances, providing visibility into workload, replication behavior, and high-availability configurations.
By combining tagging, consolidated analysis, and role-based access control, organizations can effectively monitor and manage PostgreSQL workloads running on cloud managed instances at scale.
