Author: wpuser

  • How to Secure WHM with CSF Firewall & Two-Factor Authentication

    When you manage multiple cPanel accounts and websites through WHM, security should be your top priority. Since WHM has root-level access to your server, any compromise could affect all your clients, sites, and data.

    Two of the most effective ways to secure WHM are:

    1. CSF (ConfigServer Security & Firewall) — A robust server firewall and security tool.

    2. Two-Factor Authentication (2FA) — An extra login layer that requires both your password and a time-based security code.

    In this guide, we’ll walk you through setting up CSF and enabling 2FA for WHM.


    Why Security is Critical for WHM

    WHM isn’t just another web app — it’s the control center for your entire hosting environment. With it, you can:

    • Create and delete cPanel accounts

    • Manage DNS and email

    • Change system configurations

    • Restart services like Apache or MySQL

    If attackers gain access to WHM, they gain access to everything. That’s why hardening WHM with multiple security layers is essential.


    1. Install and Configure CSF Firewall

    What is CSF?
    ConfigServer Security & Firewall (CSF) is a free and powerful Linux firewall with a WHM plugin. It provides:

    • IP-based allow/deny lists

    • Brute-force protection

    • Login failure detection

    • Port scanning alerts

    Step 1: Install CSF

    Log in to your server via SSH as root and run:

    cd /usr/src
    rm -fv csf.tgz
    wget https://download.configserver.com/csf.tgz
    tar -xzf csf.tgz
    cd csf
    sh install.sh

    Step 2: Enable CSF in WHM

    1. Log in to WHM at https://your-server-ip:2087

    2. In the search bar, type ConfigServer Security & Firewall

    3. Open the interface and click Enable Firewall

    4. Click Restart csf+lfd to apply settings


    Step 3: Configure Basic Firewall Rules

    Inside CSF in WHM:

    • Allow your IP under “Quick Allow” to prevent accidental lockouts

    • Close unused ports (keep only necessary ones like 2087, 2083, 22, 80, 443)

    • Enable Login Failure Detection (lfd) to block repeated failed login attempts


    2. Enable Two-Factor Authentication in WHM

    What is 2FA?
    Two-Factor Authentication adds an extra login step. Even if someone guesses your password, they cannot log in without the code generated by your phone.


    Step 1: Access 2FA Settings

    1. Log in to WHM

    2. In the search bar, type Two-Factor Authentication

    3. Click Manage My Account (for your user)


    Step 2: Set Up Your Authenticator App

    1. Click Set Up Two-Factor Authentication

    2. WHM will display a QR code

    3. Open your Google Authenticator or Authy app

    4. Scan the QR code and enter the generated code into WHM


    Step 3: Enforce 2FA for All Users

    1. In WHM’s Two-Factor Authentication menu, select Manage Users

    2. Enable “Require 2FA” for all root/reseller accounts


    3. Extra Tips for WHM Security

    • Change WHM’s default port from 2087 to a custom port in CSF

    • Use strong, unique passwords for WHM and SSH

    • Restrict WHM access to specific IPs in CSF

    • Enable automatic system updates to patch vulnerabilities
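
    The checks from Step 3 and the tips above can be scripted. This is an added example, not part of the original guide or of CSF itself: a shell audit of a csf.conf-style file. The function names, the KEEP_PORTS list and the sample files are assumptions constructed for illustration; the setting names (TESTING, TCP_IN, LF_SSHD, LF_CPANEL) and the csf.allow rule format are CSF's own.

```shell
#!/bin/sh
# Added example, not part of the original guide: check a csf.conf-style file
# against the settings recommended above. Sample data below is constructed.

# Ports the guide suggests keeping open; extend this for your own services.
KEEP_PORTS="22 80 443 2083 2087"

# csf_get FILE KEY: print the value from a line of the form KEY = "value".
# Assumes each setting appears once, as in the stock csf.conf.
csf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# audit_csf_conf FILE: print one finding per line; return 1 if any, else 0.
audit_csf_conf() {
    conf=$1
    findings=0

    # TESTING = "1" is CSF's testing mode, in which rules are cleared on a timer.
    if [ "$(csf_get "$conf" TESTING)" != "0" ]; then
        echo "TESTING is not 0: firewall is still in testing mode"
        findings=1
    fi

    # Inbound TCP ports beyond the short list the guide keeps open.
    for port in $(csf_get "$conf" TCP_IN | tr ',' ' '); do
        case " $KEEP_PORTS " in
            *" $port "*) ;;
            *) echo "TCP_IN allows extra port: $port"; findings=1 ;;
        esac
    done

    # lfd triggers: "0" (or a missing key) means that service is not watched.
    for key in LF_SSHD LF_CPANEL; do
        val=$(csf_get "$conf" "$key")
        if [ -z "$val" ] || [ "$val" = "0" ]; then
            echo "$key is disabled: failed logins are not counted"
            findings=1
        fi
    done

    return "$findings"
}

# whm_exposure CONF ALLOW: print how the WHM port (2087) is reachable.
#   world      - 2087 is listed in TCP_IN (any source address)
#   restricted - 2087 is only opened by per-source rules in csf.allow
#   closed     - neither
whm_exposure() {
    case ",$(csf_get "$1" TCP_IN)," in
        *,2087,*) echo world; return 0 ;;
    esac
    # Advanced allow rule format: tcp|in|d=<port>|s=<source IP>
    if grep -Eq '^tcp\|in\|d=2087\|s=[0-9a-fA-F.:/]+' "$2"; then
        echo restricted
    else
        echo closed
    fi
}

# Demo on constructed files (documentation addresses, not real hosts).
demo_dir=$(mktemp -d)
cat > "$demo_dir/csf.conf" <<'EOF'
TESTING = "1"
TCP_IN = "20,21,22,25,80,443,2083,2087,3306"
LF_SSHD = "5"
LF_CPANEL = "0"
EOF
cat > "$demo_dir/csf.allow" <<'EOF'
# admin workstation (constructed example address)
tcp|in|d=2087|s=203.0.113.10
EOF
audit_csf_conf "$demo_dir/csf.conf" || true
echo "WHM port 2087 exposure: $(whm_exposure "$demo_dir/csf.conf" "$demo_dir/csf.allow")"
rm -rf "$demo_dir"
```

    On a server, point the functions at /etc/csf/csf.conf and /etc/csf/csf.allow, and reload with csf -r after changing either file.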


    Conclusion

    By combining CSF Firewall and Two-Factor Authentication, you add two strong layers of security to WHM. CSF blocks unwanted traffic and brute-force attempts, while 2FA ensures that even if your password leaks, hackers can’t get in.

    A secure WHM means secure cPanel accounts — and happy clients.

  • What is WHM? How to Create and Migrate cPanel Accounts Like a Pro

    If you have ever managed multiple websites or hosting accounts, chances are you have come across WHM — the powerful control panel that works hand-in-hand with cPanel. While cPanel is designed for end-users to manage their websites, WHM (Web Host Manager) is made for server admins, resellers, and hosting providers to manage multiple cPanel accounts.

    Whether you are running a hosting business or need to migrate client websites, understanding WHM is essential. In this guide, we will break down what WHM does, how to create cPanel accounts, and how to migrate them from one server to another.


    What is WHM (Web Host Manager)?

    WHM is a web-based admin tool that lets you manage multiple cPanel accounts on a single server. It is typically used by:

    • Hosting resellers

    • Web agencies managing many client sites

    • System administrators running VPS or dedicated servers

    Think of WHM as the master control panel — while cPanel gives you control over one website, WHM gives you control over many cPanels.


    Key Features of WHM

    • Create, modify, or suspend cPanel accounts

    • Set up hosting packages and resource limits

    • Monitor server health such as CPU, memory, and disk usage

    • Manage DNS zones and nameservers

    • Perform backups and migrations

    • Configure security settings including firewall and brute-force protection


    How to Create a New cPanel Account in WHM

    If you are hosting websites for others or setting up new projects, you will need to create separate cPanel accounts. Here is how:

    Step-by-Step:

    1. Log in to WHM, usually via https://your-server-ip:2087

    2. Search for “Create a New Account” in the left-hand menu

    3. Fill in account details such as domain name, username, password, and admin email

    4. Choose a package with resource limits like disk space and bandwidth. You can create custom packages under “Add a Package.”

    5. Leave DNS settings as default unless you use custom nameservers

    6. Use “Automatically Detect” for mail routing or set manually based on your email setup

    7. Click “Create.” WHM will now create the cPanel account with its own login credentials


    How to Migrate a cPanel Account from Another Server

    If you are switching hosts or consolidating servers, WHM makes it easy to move entire cPanel accounts including files, emails, databases, and settings.

    Option 1: Use WHM’s Transfer Tool (Recommended)

    This works only if you have root access on both servers.

    Steps:

    1. In WHM, go to Transfers then Transfer Tool

    2. Enter the remote server’s IP address, root password, and SSH port (usually 22)

    3. WHM will connect and show a list of accounts you can migrate

    4. Select the accounts to transfer

    5. Click “Copy.” WHM will handle the rest

    Option 2: Manual Migration (Without Root Access)

    If you don’t have root access, follow these steps:

    1. Generate a full backup in the source cPanel by going to cPanel → Backup → Generate Full Backup

    2. Download the backup file (usually ends in .tar.gz)

    3. Upload the backup to the new server and restore it via WHM or request the host to restore it for you


    WHM vs. cPanel: Quick Comparison

    cPanel is designed to manage a single site, while WHM manages multiple sites and cPanel accounts. WHM lets you create and modify cPanel accounts and view server health. cPanel does not offer these features.


    Pro Tip: Secure Your WHM Access

    • Change the default port from 2087

    • Use ConfigServer Security & Firewall (CSF)

    • Enable two-factor authentication

    • Use IP whitelisting for admin access

  • 🌐 Understanding DNS Records: A Complete Beginner’s Guide

    If you’ve ever wondered how typing a website address in your browser magically brings up a webpage, the answer lies in something called DNS — the Domain Name System. It’s like the internet’s phonebook, translating user-friendly domain names (like example.com) into IP addresses computers use to communicate.

    In this guide, we’ll break down the most common DNS records, what they do, and why they matter — all in simple terms.


    What is a DNS Record?

    A DNS record is a small piece of information stored on a DNS server that tells the internet how to handle requests for your domain name. Think of it as instructions that connect your domain to services like websites, email servers, or apps.


    Key Types of DNS Records

    1. A Record (Address Record)

    • Purpose: Maps your domain name to an IPv4 address (a numerical IP like 192.0.2.1)

    • Example: When you type yourdomain.com, the A record tells the browser which server to reach.

    2. AAAA Record

    • Purpose: Similar to an A record but maps to an IPv6 address (newer IP format, e.g., 2607:f8b0:4005:805::200e)

    • IPv6 is the next generation of IP addressing, providing a much larger address space.

    3. CNAME Record (Canonical Name Record)

    • Purpose: Aliases one domain name to another domain name.

    • Example: www.yourdomain.com could point to yourdomain.com so both go to the same site.

    4. MX Record (Mail Exchange Record)

    • Purpose: Directs email to the servers responsible for receiving emails for your domain.

    • Example: If you use Gmail for your domain’s email, MX records tell the internet to send mail to Google’s servers.

    5. TXT Record

    • Purpose: Holds text information for various uses, commonly for email security (SPF, DKIM) and domain verification.

    • Example: A TXT record might specify which mail servers are allowed to send emails on behalf of your domain to reduce spam.

    6. NS Record (Name Server Record)

    • Purpose: Specifies which DNS servers are authoritative for your domain — basically, which servers hold your DNS records.

    • Without proper NS records, your domain won’t resolve anywhere.


    Why Are DNS Records Important?

    • Website Access: Directs users to your website server.

    • Email Delivery: Ensures emails reach the right inboxes.

    • Security: Helps prevent spam and phishing through SPF and DKIM, which are published as TXT records.

    • Reliability: Correct DNS ensures your site stays online and reachable.


    How to Manage Your DNS Records

    Usually, your domain registrar or hosting provider offers a DNS management panel where you can add or edit DNS records.

    Tip: Always double-check your entries and allow time for changes to propagate. DNS updates can take from a few minutes up to 48 hours worldwide.


    Final Thoughts

    Understanding DNS records might sound technical, but it’s essential for anyone managing websites or email. With this foundational knowledge, you can confidently manage your domain settings or communicate better with your hosting provider.


    Want a hassle-free DNS setup?

    If you’re looking for a platform that handles DNS, hosting, and deployment seamlessly, check out VavenCloud — combining hosting, DevOps, and easy domain management in one AI-powered platform.

    Explore more at vavencloud.com

  • 🖥️ What is cPanel and How to Use It for Shared Hosting?

    If you’re new to web hosting, you’ve probably heard of cPanel — one of the most popular web hosting control panels worldwide. But what exactly is cPanel, and how can you use it to manage your shared hosting account effectively? Let’s break it down!


    What is cPanel?

    cPanel is a web-based dashboard that lets you manage your website hosting account easily, without needing advanced technical skills. Think of it as a user-friendly control room where you can handle all aspects of your website and server.

    It’s especially common in shared hosting environments, where multiple users share the same server resources but have individual accounts.


    Key Features of cPanel

    • File Manager: Upload, edit, and organize your website files.

    • Email Accounts: Create and manage custom email addresses (e.g., name@yourdomain.com).

    • Domain Management: Add subdomains, parked domains, and redirect URLs.

    • Databases: Create and manage MySQL or PostgreSQL databases for your apps.

    • Backup: Schedule or create backups of your website data.

    • Security: Manage SSL certificates, IP blocking, and password-protected directories.

    • Software: Install popular apps (WordPress, Joomla, etc.) easily using Softaculous or other auto-installers.


    How to Use cPanel for Shared Hosting: Step-by-Step

    1. Log in to Your cPanel Account

    Your hosting provider will send you a link, username, and password to access cPanel. Usually, the URL looks like:

    https://yourdomain.com:2083

    Enter your credentials to log in.


    2. Upload Your Website Files

    Navigate to File Manager and open the public_html directory — this is where your website files live.

    Click Upload and select your HTML, CSS, or PHP files from your computer.


    3. Set Up Email Accounts

    Go to Email Accounts, create a new email (like name@yourdomain.com), set a password, and configure it on your devices.


    4. Manage Domains & Subdomains

    If you want multiple websites or subdomains:

    • Click Addon Domains to add new domains.

    • Use Subdomains to create URLs like blog.yourdomain.com.


    5. Create Databases

    If your site needs a database (like WordPress), head to MySQL Databases:

    • Create a new database and user.

    • Assign user privileges.

    • Use the credentials in your website’s configuration.


    6. Secure Your Site with SSL

    Under SSL/TLS, install or manage SSL certificates to enable HTTPS, keeping your visitors’ data safe.


    7. Use Auto-Installers for Apps

    Use Softaculous Apps Installer or similar tools to quickly install WordPress, Drupal, Joomla, and other CMS platforms — no manual setup required.


    Why Choose cPanel for Shared Hosting?

    • Ease of Use: Intuitive interface suitable for beginners.

    • Comprehensive Tools: Covers everything from file management to security.

    • Wide Support: Compatible with most web hosting providers.

    • Automation: Auto-installers and backup tools save time.


    Final Thoughts

    cPanel is a powerful tool that simplifies website hosting management — especially on shared servers where you want easy, direct control over your files, emails, and domains.

    If you want to skip the hassle of manual setups, check out VavenCloud — an AI-powered platform that combines hosting, DevOps, and website deployment all in one easy-to-use dashboard.


    Ready to get started?
    👉 Visit vavencloud.com

  • 🖥️ Difference Between Shared Hosting, VPS, and Dedicated Servers

    Choosing the right web hosting is critical for your website’s performance, security, and scalability. But with so many options—Shared Hosting, VPS, and Dedicated Servers—it can get confusing. This guide breaks down what each hosting type means, their pros and cons, and which is best suited for your needs.


    1. Shared Hosting

    What it is:
    Multiple websites share the same physical server and its resources (CPU, RAM, bandwidth).

    Pros:

    • Very affordable — ideal for beginners and small websites.

    • Managed by the hosting provider — no server management needed.

    • Easy to set up with control panels like cPanel.

    Cons:

    • Limited resources since you share with others.

    • Performance can be affected by other sites (noisy neighbors).

    • Less control over server configuration and security.

    Best for:
    Small blogs, personal sites, portfolios, or low-traffic websites.


    2. VPS (Virtual Private Server)

    What it is:
    A physical server is divided into multiple virtual servers, each isolated with dedicated resources.

    Pros:

    • More resources and better performance than shared hosting.

    • Greater control with root access to configure the server.

    • Scalable — you can upgrade CPU, RAM, and storage as needed.

    • Enhanced security due to isolation from other VPS users.

    Cons:

    • Requires some server management knowledge.

    • More expensive than shared hosting but less than dedicated servers.

    Best for:
    Growing businesses, eCommerce sites, and apps that need more power and control.


    3. Dedicated Server

    What it is:
    You rent an entire physical server dedicated solely to your website or application.

    Pros:

    • Full control over server hardware and software.

    • Maximum performance and reliability.

    • Highest level of security and customization.

    • No resource sharing — all server resources belong to you.

    Cons:

    • Most expensive hosting option.

    • Requires advanced technical skills to manage or a dedicated sysadmin.

    • Setup and maintenance can be complex.

    Best for:
    Large enterprises, high-traffic websites, resource-intensive applications, or when compliance/security is a priority.


    Summary Table

    Feature             | Shared Hosting | VPS               | Dedicated Server
    Resource Sharing    | Yes            | Virtual isolation | No
    Control Level       | Limited        | Root access       | Full control
    Performance         | Variable       | High              | Very High
    Cost                | Low            | Medium            | High
    Technical Knowledge | Minimal        | Moderate          | Advanced
    Security            | Basic          | Improved          | Maximum

    Which One Should You Choose?

    • Start small? Go with Shared Hosting to keep costs low and management easy.

    • Need more control and power? A VPS offers a great balance for growing projects.

    • Require top performance and customization? Choose a Dedicated Server.


    How VavenCloud Can Help

    VavenCloud offers flexible hosting solutions, including Managed VPS with automation and AI-powered tools — giving you performance, security, and ease of use in one platform. No matter your hosting choice, VavenCloud simplifies setup, scaling, and management.


  • 🔒 How to Secure Your Linux Server with Basic Firewall and SSH Hardening

    Securing your Linux server is critical to protect your data, applications, and infrastructure from unauthorized access and attacks. Two foundational steps to improve your server security are configuring a firewall and hardening SSH (Secure Shell) access.

    In this guide, we’ll walk you through easy, effective measures to secure your Linux server — ideal for beginners and those managing VPS or dedicated servers.


    1. Set Up a Basic Firewall Using UFW

    UFW (Uncomplicated Firewall) is a user-friendly firewall tool commonly available on Ubuntu and Debian-based systems.

    Step 1: Check Whether UFW Is Installed

    sudo ufw status

    If it’s not installed, install it:

    sudo apt install ufw -y

    Step 2: Allow SSH Connections

    Before enabling the firewall, allow SSH to avoid locking yourself out:

    sudo ufw allow ssh

    Alternatively, if you use a custom SSH port (e.g., 2222):

    sudo ufw allow 2222/tcp

    Step 3: Allow HTTP and HTTPS (For Web Servers)

    sudo ufw allow http
    sudo ufw allow https

    Step 4: Enable UFW

    sudo ufw enable

    Step 5: Verify Firewall Status

    sudo ufw status verbose

    2. Harden SSH Access

    SSH is your gateway to the server, so securing it is vital.

    Step 1: Change Default SSH Port (Optional but Recommended)

    Edit the SSH config file:

    sudo nano /etc/ssh/sshd_config

    Find the line:

    #Port 22

    Uncomment it and change 22 to another port number (e.g., 2222):

    Port 2222

    Save and exit (Ctrl+O, Enter, Ctrl+X).

    Restart the SSH service:

    sudo systemctl restart sshd

    Remember to update your firewall rule if you changed the port:

    sudo ufw allow 2222/tcp

    Step 2: Disable Root Login via SSH

    In the same SSH config file (/etc/ssh/sshd_config), find:

    PermitRootLogin yes

    Change it to:

    PermitRootLogin no

    Save and restart SSH service again.


    Step 3: Use SSH Key Authentication

    SSH keys are more secure than passwords.

    Generate an SSH key pair on your local machine:

    ssh-keygen -t rsa -b 4096

    Copy the public key to your server:

    ssh-copy-id -p 2222 username@your_server_ip

    Replace 2222 with your SSH port if changed.


    Step 4: Disable Password Authentication

    Once SSH keys work, disable password login for SSH.

    Edit /etc/ssh/sshd_config and set:

    PasswordAuthentication no

    Save and restart SSH:

    sudo systemctl restart sshd
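
    The steps above change the SSH port, root login and password settings and also require a matching firewall rule, so it is worth checking all four together before restarting sshd. The script below is an added example, not part of the original guide: the function names and sample files are constructed, and the defaults it falls back to (Port 22, PermitRootLogin prohibit-password, PasswordAuthentication yes) are OpenSSH's. It reads only the global section of one file and does not follow Include files or evaluate Match blocks.

```shell
#!/bin/sh
# Added example, not part of the original guide: a pre-restart check that
# compares sshd_config with the firewall rules. All sample data is constructed.

# sshd_value FILE KEYWORD DEFAULT: print the first global value of KEYWORD.
# sshd keywords are case-insensitive and the first occurrence wins; parsing
# stops at the first Match block. Include files are not followed here.
sshd_value() {
    v=$(awk -v want="$2" '
        NF == 0 || $1 ~ /^#/         { next }   # blank lines and comments
        tolower($1) == "match"       { exit }   # conditional section starts
        tolower($1) == tolower(want) { print tolower($2); exit }
    ' "$1")
    echo "${v:-$3}"
}

# ufw_allows_port STATUS_FILE PORT: succeed if saved "ufw status" output
# contains an ALLOW rule for PORT (written as "2222" or "2222/tcp").
ufw_allows_port() {
    grep -Eq "^$2(/tcp)?[[:space:]]+ALLOW" "$1"
}

# check_ssh_hardening SSHD_CONFIG UFW_STATUS: print one problem per line;
# return 1 if any problem was found, else 0.
check_ssh_hardening() {
    problems=0
    port=$(sshd_value "$1" Port 22)
    root=$(sshd_value "$1" PermitRootLogin prohibit-password)
    pass=$(sshd_value "$1" PasswordAuthentication yes)

    # Restarting sshd on a port the firewall does not allow locks you out.
    if ! ufw_allows_port "$2" "$port"; then
        echo "LOCKOUT RISK: sshd listens on $port but UFW has no ALLOW rule for it"
        problems=1
    fi
    if [ "$root" != "no" ]; then
        echo "PermitRootLogin is '$root', expected 'no'"
        problems=1
    fi
    if [ "$pass" != "no" ]; then
        echo "PasswordAuthentication is '$pass', expected 'no'"
        problems=1
    fi
    return "$problems"
}

# Demo on constructed files: the port was changed to 2222 but the firewall
# still only allows 22, and password logins are still enabled.
demo_dir=$(mktemp -d)
cat > "$demo_dir/sshd_config" <<'EOF'
#Port 22
Port 2222
PermitRootLogin no
PasswordAuthentication yes
EOF
cat > "$demo_dir/ufw_status.txt" <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
EOF
check_ssh_hardening "$demo_dir/sshd_config" "$demo_dir/ufw_status.txt" || true
rm -rf "$demo_dir"
```

    On a live server, run sudo sshd -t to validate the file before restarting. Saving the output of sudo sshd -T and passing that as the first argument checks the effective settings, including any Include files.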

    3. Additional Security Tips

    • Keep your system updated:

      sudo apt update && sudo apt upgrade -y

    • Install Fail2Ban to block suspicious IPs:

      sudo apt install fail2ban -y

    • Regularly review SSH login attempts:

      sudo tail -f /var/log/auth.log

    Final Thoughts

    Basic firewall setup and SSH hardening are vital first steps to secure your Linux server. These measures help prevent unauthorized access and reduce attack surfaces — keeping your data and apps safe.

    For a more streamlined, automated experience, consider VavenCloud’s managed VPS services, where security best practices come pre-configured with continuous monitoring and support.

  • 🐧 How to Host a Website on Linux from Scratch: A Step-by-Step Guide

    Whether you’re a developer, freelancer, or small business owner, learning how to host a website on a Linux server gives you full control, scalability, and cost-efficiency. In this guide, we’ll walk you through hosting your own website on a Linux VPS or dedicated server — from setup to deployment.

    This process is 100% hands-on and ideal for anyone using platforms like VavenCloud, where Linux servers are the backbone of custom web hosting.


    📦 Prerequisites

    Before we dive in, here’s what you’ll need:

    • A Linux-based server (Ubuntu 20.04+ is recommended)
    • Root or sudo access
    • A registered domain name
    • Basic knowledge of terminal commands
    • SSH client (like PuTTY or your terminal)

    1. 🔐 Connect to Your Linux Server via SSH

    From your local machine, open a terminal and connect to your server:

    ssh username@your_server_ip

    Replace username (often root) and your server’s IP. If this is your first time, you’ll be prompted to accept the SSH key and enter your password.


    2. 🧹 Update Your System Packages

    Keep your server secure and up-to-date:

    sudo apt update && sudo apt upgrade -y

    This ensures all software packages are current and vulnerabilities are patched.


    3. 🌐 Install a Web Server (Apache or Nginx)

    Option 1: Apache

    sudo apt install apache2 -y

    Start and enable the service:

    sudo systemctl enable apache2
    sudo systemctl start apache2

    Option 2: Nginx

    sudo apt install nginx -y
    sudo systemctl enable nginx
    sudo systemctl start nginx

    Test by visiting http://your_server_ip — you should see a welcome page.

    4. 💾 Upload Your Website Files

    You can use SCP, SFTP, or Git to upload your HTML/CSS/JS files. Here’s an example using SCP:

    scp -r /local/path/to/your/site username@your_server_ip:/var/www/html

    Make sure your files are placed in the correct web root. By default:

    • Apache: /var/www/html/
    • Nginx: depends on your config, usually /usr/share/nginx/html/

    Set correct permissions:

    sudo chown -R www-data:www-data /var/www/html

    5. 🌍 Configure Your Domain (DNS Setup)

    Update your domain’s DNS records to point to your server’s IP address:

    • A Record → your server’s IP (e.g. example.com → 192.0.2.1)
    • CNAME for www → example.com

    Propagation may take up to 24 hours.


    6. 🔒 Install SSL with Let’s Encrypt (Optional but Recommended)

    Install Certbot:

    sudo apt install certbot python3-certbot-apache -y

    Run it to secure your domain:

    sudo certbot --apache

    For Nginx, replace --apache with --nginx.

    Auto-renewal is set up by default, but you can verify with:

    sudo certbot renew --dry-run

    7. 🚀 Final Test

    Open your browser and navigate to your domain (e.g. https://yourdomain.com). Your website should be live, secure, and running on your Linux server!


    🔁 Bonus: Automate with VavenCloud

    Manually hosting is a great learning experience — but if you want to speed up deployments, scale effortlessly, and add CI/CD out of the box, VavenCloud can automate much of this setup.

    With VavenCloud’s DevOps suite, you get:

    • Pre-configured Linux VPS
    • One-click website deployment
    • Built-in SSL, backups, and domain tools
    • Git-based CI/CD pipelines for automatic publishing

    🧠 Final Thoughts

    Hosting a website on Linux from scratch teaches you the building blocks of web infrastructure — something every developer should try at least once. But when it’s time to go from DIY to production-grade, platforms like VavenCloud help you scale securely, reliably, and without hassle.


    Want to try VavenCloud’s hosting platform?
    👉 Get started here

     

  • Introducing Docker Offload: Run Docker Builds & Containers in the Cloud with Ease

    Working with resource-heavy Docker builds or containers that push the limits of your local machine? Docker Offload makes it easy to move that work to the cloud—without changing your development workflow.

    Docker Offload is a fully managed service that lets you run Docker builds and containers in a remote, cloud-based environment while still using Docker as you normally would on your local machine. It’s ideal for tasks that demand high performance—such as running LLMs, machine learning pipelines, or GPU-accelerated applications.

    Why Choose Docker Offload?

    Today’s developers often juggle local development with the need for scalable infrastructure. Docker Offload bridges that gap by offering:

    • Cloud-based resources to handle large or complex builds

    • Faster build times and quicker development feedback loops

    • GPU support for compute-heavy workloads

    • Docker Compose compatibility for managing multi-service applications in the cloud

    Whether you’re running on a lightweight laptop or just want to speed things up, Docker Offload brings scalable power to your workflow.

    Great use cases include:

    • Machine learning model training or inference

    • Running large language models (LLMs)

    • Heavy-duty CI/CD pipelines

    • Resource-intensive microservices and cloud-native applications


    Getting Started with Docker Offload

    Step 1: Sign Up and Subscribe

    To begin using Docker Offload, you’ll need a Docker account and an active subscription that includes access to the service.

    Step 2: Enable Docker Offload

    1. Open Docker Desktop and sign in to your Docker account.

    2. Launch your terminal and run:

    docker offload start

    3. Choose the Docker account that will be used for Offload.

    4. If prompted, decide whether to enable GPU support. Enabling this option runs your containers on an NVIDIA L4 GPU—ideal for AI or ML workloads.

    Note: GPU usage will increase your consumption of Docker credits.


    Step 3: Run a Container in the Cloud

    Once Docker Offload is running, your local Docker CLI will communicate with a secure cloud environment behind the scenes. You use it just like your local Docker engine.

    To test it out, try running:

    docker run --rm hello-world
    

    If GPU support is enabled, you can test that too:

    docker run --rm --gpus all hello-world
    

    If Docker Offload is working correctly, you’ll see the familiar “Hello from Docker!” message.


    Step 4: Stop Docker Offload

    To switch back to local builds and containers, simply stop the Offload service:

    docker offload stop
    

    You can restart Offload at any time using the same start command.


    Performance Tips for Faster Builds

    Because Docker Offload runs your builds remotely, files need to be uploaded to the cloud. This means that transfer speeds and latency can affect build times, especially with larger projects.

    Docker includes several features to minimize delays:

    • Fast access to build caches via attached volumes

    • Efficient syncing that only uploads layers that have changed

    • Optimized layer pulling when transferring results back to your machine

    To make the most of Docker Offload, consider these best practices:

    • Use a .dockerignore file to skip unnecessary files

    • Start with slim base images to reduce image size

    • Use multi-stage builds to optimize output

    • Download external files during the build process instead of including them locally

    • Take advantage of parallel build tools to speed things up


    Build Smarter, Run Faster

    Docker Offload gives you the flexibility to use cloud resources only when you need them—without changing how you work. Whether you’re building containers, running GPU workloads, or managing complex Docker Compose apps, Offload lets you scale your environment without overloading your hardware.

    To get started, just run:

    docker offload start
    

    No infrastructure setup. No workflow changes. Just more power when you need it.

  • Setting up Prometheus and Grafana

    What is Prometheus?

    Prometheus is an open-source monitoring and alerting toolkit originally developed at SoundCloud. It is designed for reliability and scalability, ideal for collecting time-series metrics from cloud-native environments like Kubernetes or AWS. Prometheus stores data in a custom time-series database and uses a flexible query language called PromQL.

    Prometheus works by scraping metrics from targets (like EC2, Node Exporter, or containers) at specified intervals. These metrics are then stored locally and can be queried or used to trigger alerts.

    Prometheus supports service discovery, meaning it can automatically detect and begin monitoring new services based on changes in your infrastructure.

    What is Grafana?

    Grafana is an open-source analytics and visualization platform that integrates seamlessly with Prometheus. It helps users create interactive and customizable dashboards to visualize metrics data. Grafana supports alerts, templating, role-based access, and can be used to monitor everything from infrastructure and logs to user applications.

    Grafana doesn’t collect data itself — it reads it from sources like Prometheus, InfluxDB, MySQL, Loki, and more.

    How Prometheus and Grafana Work Together

    • Prometheus collects and stores metrics from services and infrastructure.

    • Grafana reads these metrics via Prometheus’s HTTP API and visualizes them.

    • This combination provides real-time monitoring, alerting, and visual dashboards for DevOps and SRE teams.

    Install Prometheus and Grafana on AWS EC2

    You can set up Prometheus and Grafana on your EC2 instance in just a few steps.

    Install Prometheus

    1. Update system packages

      # Amazon Linux 2
      sudo yum update -y

      # Ubuntu
      sudo apt-get update

    2. Create a Prometheus user and folders

      sudo useradd --no-create-home --shell /bin/false prometheus
      sudo mkdir /etc/prometheus /var/lib/prometheus

    3. Download and install Prometheus

      wget https://github.com/prometheus/prometheus/releases/download/v2.34.0/prometheus-2.34.0.linux-amd64.tar.gz
      tar -xvzf prometheus-2.34.0.linux-amd64.tar.gz
      cd prometheus-2.34.0.linux-amd64

      sudo cp prometheus promtool /usr/local/bin/
      sudo cp -r consoles console_libraries /etc/prometheus
      sudo cp prometheus.yml /etc/prometheus
      sudo chown -R prometheus:prometheus /etc/prometheus /var/lib/prometheus

    4. Create systemd service file

      sudo vim /etc/systemd/system/prometheus.service

    Paste the following:

      [Unit]
      Description=Prometheus
      After=network.target

      [Service]
      User=prometheus
      ExecStart=/usr/local/bin/prometheus \
        --config.file=/etc/prometheus/prometheus.yml \
        --storage.tsdb.path=/var/lib/prometheus/
      Restart=always

      [Install]
      WantedBy=multi-user.target

    5. Start Prometheus

      # Reload systemd so it picks up the new unit file
      sudo systemctl daemon-reload
      sudo systemctl enable prometheus
      sudo systemctl start prometheus

    Prometheus will run on port 9090. Check by visiting:

      http://<your-ec2-public-ip>:9090
    • Install Grafana
      ubuntu
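      sudo apt-get install -y software-properties-common wget
      # Import the Grafana repository signing key so apt can verify the packages
      wget -q -O - https://packages.grafana.com/gpg.key | sudo apt-key add -
      sudo add-apt-repository "deb https://packages.grafana.com/oss/deb stable main"
      sudo apt-get update
      sudo apt-get install -y grafana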

      Amazon Linux 2

      sudo yum install -y https://dl.grafana.com/oss/release/grafana-8.3.0-1.x86_64.rpm

      Start Grafana

      sudo systemctl enable grafana-server
      
      sudo systemctl start grafana-server

      Grafana will run on port 3000. Access it via:

      http://<your-ec2-public-ip>:3000

      Log in to Grafana

      • Username: admin

      • Password: admin (you will be prompted to change it)

      Add Prometheus as a Data Source in Grafana
      1. Click the gear icon in the left menu → Data Sources.

      2. Select Prometheus.

      3. Set the URL to:
        http://<your-ec2-public-ip>:9090

      4. Click Save & Test to verify the connection.

      Using Node Exporter for System Metrics

      To monitor EC2-level system metrics like CPU, disk, and memory:

      1. Download and install Node Exporter:

      wget https://github.com/prometheus/node_exporter/releases/download/v1.5.0/node_exporter-1.5.0.linux-amd64.tar.gz
      tar -xvzf node_exporter-1.5.0.linux-amd64.tar.gz
      cd node_exporter-1.5.0.linux-amd64
      ./node_exporter

      2. Update prometheus.yml:

      scrape_configs:
        - job_name: 'node'
          static_configs:
            - targets: ['localhost:9100']

      3. Restart Prometheus to load changes:

      sudo systemctl restart prometheus
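
The steps above leave three listeners on the instance: Prometheus on 9090, Grafana on 3000 and Node Exporter on 9100. The following added example (not part of the original guide) parses `ss -ltn` output and reports which of them are bound to a non-loopback address; the sample output and function names are constructed for illustration.

```python
import ipaddress

# Ports used in this guide: Prometheus, Grafana, Node Exporter.
MONITORING_PORTS = {9090: "prometheus", 3000: "grafana", 9100: "node_exporter"}

# Constructed sample of `ss -ltn` output, not captured from a real host.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      4096       127.0.0.1:9090      0.0.0.0:*
LISTEN 0      4096               *:9100            *:*
LISTEN 0      4096               *:3000            *:*
LISTEN 0      4096           [::1]:9093         [::]:*
"""


def is_loopback(host):
    """True when the bind address is reachable only from the host itself."""
    host = host.split("%")[0].strip("[]")    # drop zone id and IPv6 brackets
    if host in ("*", ""):
        return False                         # wildcard: every interface
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                         # unparsable: treat as exposed


def exposed_monitoring_listeners(ss_output):
    """Return (service, local_address) for monitoring ports not on loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                         # header or non-listening row
        host, _, port = fields[3].rpartition(":")
        if not port.isdigit() or int(port) not in MONITORING_PORTS:
            continue
        if not is_loopback(host):
            findings.append((MONITORING_PORTS[int(port)], fields[3]))
    return findings


if __name__ == "__main__":
    for service, addr in exposed_monitoring_listeners(SAMPLE_SS_OUTPUT):
        print(f"{service} listens on {addr}: reachable from other hosts "
              "unless a security group or firewall blocks the port")
```

Prometheus and Node Exporter both accept `--web.listen-address` (for example `127.0.0.1:9090`) to bind to loopback when Grafana runs on the same host.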

    Conclusion

    Prometheus and Grafana together form a powerful, open-source monitoring and visualization stack. Setting them up on AWS EC2 gives you full control of your metrics and dashboards. Whether you’re monitoring applications, infrastructure, or containers, this setup gives you the tools to ensure performance and reliability.

  • How to Automatically Connect an Amazon EC2 Instance to an Amazon RDS Database

    If you’re building applications on AWS, you often need to connect your EC2 instance (which hosts your app or website) to an Amazon RDS database for data storage. AWS makes this connection easy with an automatic connection feature that configures the necessary security settings for you.

    In this tutorial, I’ll walk you through how to automatically connect an EC2 instance to an RDS database using the AWS Management Console.

    Why Use the Automatic Connection Feature?

    When connecting EC2 to RDS manually, you have to configure security groups to allow communication between them. This can be tricky and error-prone.

    The automatic connection feature takes care of:

    • Creating security groups for your EC2 instance and RDS database

    • Setting up inbound/outbound rules that allow traffic only between the two

    • Ensuring least privilege security

    This lets you focus on building your application without worrying about network configuration details.

    Prerequisites

    • AWS account with permission to create EC2 and RDS resources

    • Basic familiarity with AWS Management Console

    • EC2 instance and RDS database in the same AWS Region and same VPC

    Option 1: Automatically Connect EC2 to RDS Using the EC2 Console

    Step 1: Launch an EC2 Instance

    1. Open the EC2 Console in AWS.

    2. Click Launch Instances.

    3. Select your preferred AMI (e.g., Ubuntu Server).

    4. Choose instance type (e.g., t2.micro for free tier).

    5. Configure instance details — make sure to launch the instance in your desired VPC.

    6. Add storage and tags as needed.

    7. In Configure security group:

      • You can create a new security group or select an existing one.

      • Don’t worry about database access yet; this will be handled automatically.

    8. Launch your instance.

    Step 2: Create or Identify an RDS Database

    1. Open the RDS Console.

    2. Click Databases > Create database.

    3. Choose MySQL or any database engine you prefer.

    4. Choose Standard create and fill in the necessary fields.

    5. Important: Choose the same VPC as your EC2 instance.

    6. Complete other settings and create the database.

    Step 3: Automatically Connect the EC2 Instance to RDS

    1. Go back to the EC2 Console.

    2. Select your EC2 instance.

    3. In the Actions dropdown, choose Connect to database.

    4. Select your RDS database from the list.

    5. AWS will automatically:

      • Create and assign two security groups:

        • One for the EC2 instance (outbound rule to RDS security group).

        • One for the RDS database (inbound rule from EC2 security group).

      • Configure the security group rules to allow traffic on the database port (usually 3306 for MySQL).

    6. You will see a confirmation once this setup completes.

    Option 2: Automatically Connect EC2 to RDS Using the RDS Console

    Alternatively, you can do the automatic connection starting from the RDS Console.

    1. Open the RDS Console.

    2. Select your database.

    3. Click the Actions dropdown.

    4. Choose Connect to instance.

    5. Select your EC2 instance.

    6. AWS will automatically create the security groups and configure access rules just like in Option 1.


    How It Works Under the Hood

    • Two security groups are created:

      • EC2 security group with outbound access to the RDS security group.

      • RDS security group with inbound access from the EC2 security group.

    • This separation allows better security management and least privilege access.

    • EC2 can now securely communicate with RDS on the database port (e.g., 3306).
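
A way to confirm the rule layout described above, as an added example (not AWS's code and not part of the original post): the script reads security group JSON in the shape returned by `aws ec2 describe-security-groups` and reports any ingress rule that opens the database port to an IP range instead of to a referenced security group. The sample data, group IDs and function names are constructed placeholders.

```python
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# Group IDs are placeholders, not real resources.
SAMPLE = json.loads("""
{"SecurityGroups": [
 {"GroupId": "sg-RDS-EXAMPLE", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "IpRanges": [],
    "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": "sg-EC2-EXAMPLE"}]}]},
 {"GroupId": "sg-LEGACY-EXAMPLE", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "Ipv6Ranges": [],
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
   {"IpProtocol": "-1", "Ipv6Ranges": [],
    "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "UserIdGroupPairs": []}]}
]}
""")


def covers_port(rule, port):
    """True when an ingress rule applies to the given TCP port."""
    if rule.get("IpProtocol") == "-1":       # all protocols, all ports
        return True
    if rule.get("IpProtocol") != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def cidr_ingress(groups, port=3306):
    """(group_id, cidr) for each rule opening `port` to an IP range."""
    findings = []
    for group in groups.get("SecurityGroups", []):
        for rule in group.get("IpPermissions", []):
            if covers_port(rule, port):
                cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
                cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
                findings += [(group["GroupId"], c) for c in cidrs]
    return findings


def allowed_peer_groups(groups, group_id, port=3306):
    """Security groups that `group_id` accepts traffic from on `port`."""
    return [pair["GroupId"]
            for group in groups.get("SecurityGroups", []) if group["GroupId"] == group_id
            for rule in group.get("IpPermissions", []) if covers_port(rule, port)
            for pair in rule.get("UserIdGroupPairs", [])]


if __name__ == "__main__":
    print("peer groups:", allowed_peer_groups(SAMPLE, "sg-RDS-EXAMPLE"))
    for group_id, cidr in cidr_ingress(SAMPLE):
        print(f"{group_id}: port 3306 open to {cidr}")
```

A database group set up as this section describes yields no CIDR findings and lists only the EC2 instance's group as a peer.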


    What’s Next?

    • Connect to your EC2 instance and test the database connection using your database client or application.

    • Use the RDS database endpoint and credentials in your app’s configuration.

    • If you’re running a WordPress site, for example, you would enter the RDS endpoint and DB credentials during setup.


    Summary

    Automatically connecting your EC2 instance to your RDS database via the AWS Management Console:

    • Saves time and reduces mistakes configuring security groups

    • Ensures secure, least-privileged communication between resources

    • Makes your AWS architecture cleaner and easier to manage