diff --git a/roles/rabbitmq_cluster/tasks/main.yml b/roles/rabbitmq_cluster/tasks/main.yml
index 4ac1c7970d..e21cc5d761 100644
--- a/roles/rabbitmq_cluster/tasks/main.yml
+++ b/roles/rabbitmq_cluster/tasks/main.yml
@@ -121,6 +121,31 @@
   - rabbitmq_cluster
   - config
 
+# Users with the "monitoring" tag have read-only access vhosts, connections,
+# channels, node-level resource usage, and cluster stats.
+- name: Create the Nagios monitoring user in staging
+  rabbitmq_user:
+    user: nagios-monitoring
+    password: "{{ rabbitmq_monitoring_password_staging }}"
+    update_password: always
+    tags: monitoring
+  when: env == "staging" and inventory_hostname.startswith('rabbitmq01')
+  tags:
+  - rabbitmq_cluster
+  - config
+
+- name: Create the Nagios monitoring user in production
+  rabbitmq_user:
+    user: nagios-monitoring
+    password: "{{ rabbitmq_monitoring_password_production }}"
+    update_password: always
+    tags: monitoring
+  when: env == "production" and inventory_hostname.startswith('rabbitmq01')
+  tags:
+  - rabbitmq_cluster
+  - config
+
+
 - name: Configure the pubsub virtual host
   rabbitmq_vhost:
     name: /pubsub