POSTGRES_DB:target_database

POSTGRES_USER:postgres

POSTGRES_PASSWORD:postgres

command:["postgres", "-c", "shared_preload_libraries=pg_stat_statements", "-c", "pg_stat_statements.track=all"]

command:

ports:

-"55432:5432"

volumes:

-./config/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml

-prometheus_data:/prometheus

command:

-'--config.file=/etc/prometheus/prometheus.yml'

-'--storage.tsdb.path=/prometheus'

-'--web.console.libraries=/etc/prometheus/console_libraries'

-'--web.console.templates=/etc/prometheus/consoles'

-'--storage.tsdb.retention.time=200h'

-'--web.enable-lifecycle'

-"--config.file=/etc/prometheus/prometheus.yml"

-"--storage.tsdb.path=/prometheus"

-"--web.console.libraries=/etc/prometheus/console_libraries"

-"--web.console.templates=/etc/prometheus/consoles"

-"--storage.tsdb.retention.time=200h"

-"--web.enable-lifecycle"

pgwatch-postgres:

image:cybertecpostgresql/pgwatch:3

container_name:pgwatch-postgres

command:["--sources=/etc/pgwatch/sources.yml", "--metrics=/etc/pgwatch/metrics.yml", "--sink=postgresql://pgwatch:pgwatchadmin@sink-postgres:5432/measurements", "--web-addr=:8080"]

command:

ports:

-"58080:8080"

depends_on:

pgwatch-prometheus:

image:cybertecpostgresql/pgwatch:3

container_name:pgwatch-prometheus

command:["--sources=/etc/pgwatch/sources.yml", "--metrics=/etc/pgwatch/metrics.yml", "--sink=prometheus://0.0.0.0:9091/pgwatch", "--web-addr=:8089"]

command:

ports:

-"58089:8089"

-"59091:9091"

container_name:grafana-with-datasources

environment:

GF_SECURITY_ADMIN_USER:monitor

GF_SECURITY_ADMIN_PASSWORD:demo

GF_SECURITY_ADMIN_PASSWORD:${GF_SECURITY_ADMIN_PASSWORD:-demo}

GF_INSTALL_PLUGINS:yesoreyeram-infinity-datasource

ports:

-"3000:3000"

Infrastructure as Code modules for deploying postgres_ai monitoring to cloud providers.

Single EC2 instance deployment with Docker Compose.

-**Path**:`aws/`

-**Architecture**: Single EC2 instance with Docker Compose

-**Best for**: Small to medium deployments (1-10 databases)

-**Documentation**:[aws/README.md](aws/README.md)

Deploy to Google Cloud Platform using Compute Engine or Cloud Run.

Deploy to Microsoft Azure using Virtual Machines or Container Instances.

cd terraform/aws

cp terraform.tfvars.example terraform.tfvars

vim terraform.tfvars

terraform init

terraform plan

terraform apply

The AWS deployment creates:

1.**Compute**

- Single EC2 instance (t3.medium default)

- Ubuntu 22.04 LTS (Jammy) with Docker and Docker Compose

- Systemd service for automatic startup

2.**Storage**

- EBS volume for persistent data

- Automated snapshots available via AWS Backup

3.**Networking**

- VPC with public subnet

- Security Group with restricted access

- Optional Elastic IP for stable addressing

4.**Monitoring stack**

- Runs docker-compose from cloned repository

- Grafana accessible on port 3000

- EC2 instance in public subnet (can be changed to private with bastion)

- Security groups restrict access to SSH and Grafana only

- All data encrypted at rest (EBS encryption)

- Recommended: Use AWS Systems Manager Session Manager instead of SSH

- Recommended: Restrict`allowed_cidr_blocks` to your office/VPN IP

Recommended instance types based on workload:

-**t3.medium**: 2 vCPU, 4 GiB RAM - suitable for 1-3 databases (default)

-**t3.large**: 2 vCPU, 8 GiB RAM - suitable for 3-10 databases

-**t3.xlarge**: 4 vCPU, 16 GiB RAM - suitable for 10+ databases

Additional options:

- Use Spot Instances for non-critical workloads (subject to interruption)

- Disable Elastic IP if stable address not required

For issues or questions:

- Open an issue on GitLab

- Contact PostgresAI support

- Check documentation athttps://postgres.ai

.terraform/

.idea/

.vscode/

aws ec2 create-key-pair --key-name postgres-ai-key \

--query'KeyMaterial' --output text>~/.ssh/postgres-ai-key.pem

chmod 400~/.ssh/postgres-ai-key.pem

aws configure

cd terraform/aws

cp terraform.tfvars.example terraform.tfvars

vim terraform.tfvars

Uncomment and set all required parameters:

-`ssh_key_name` - your AWS SSH key name

-`aws_region` - AWS region

-`environment` - environment name

-`instance_type` - EC2 instance type (e.g., t3.medium)

-`data_volume_size` - data disk size in GiB

-`data_volume_type` /`root_volume_type` - volume types (gp3, st1, sc1)

-`allowed_ssh_cidr` /`allowed_cidr_blocks` - CIDR blocks for access

-`use_elastic_ip` - allocate Elastic IP (true/false)

-`grafana_password` - Grafana admin password

-`postgres_ai_version` - git branch/tag (optional, defaults to "main")

Edit`terraform.tfvars` to add PostgreSQL instances to monitor:

terraform init

terraform validate

terraform plan

terraform apply

terraform output grafana_url

terraform output ssh_command

open$(terraform output -raw grafana_url)

ssh -i~/.ssh/postgres-ai-key.pem ubuntu@$(terraform output -raw external_ip)

ssh ubuntu@IP"sudo cat /var/log/user-data.log"

ssh ubuntu@IP"sudo systemctl restart postgres-ai"

terraform destroy

ssh ubuntu@IP"sudo cat /var/log/user-data.log"

ssh ubuntu@IP"sudo systemctl status postgres-ai"

ssh ubuntu@IP"sudo docker ps"

Credentials (passwords, connection strings) are stored in`terraform.tfstate` in plain text. For one-off/dev deployments this is acceptable if you clean up after`terraform destroy`:

terraform destroy

rm -rf .terraform/ terraform.tfstate*

For production deployments, consider:

- Using environment variables:`export TF_VAR_grafana_password=...`

- Remote state with encryption (S3 + encryption)

- Configuring monitoring instances manually after deployment