DEV Community: Smit Vaghasiya

Grafana Cloud Monitoring Setup (Apache + PHP-FPM + Alloy)

Smit Vaghasiya — Wed, 10 Dec 2025 04:42:53 +0000

Step 1: Install Grafana Alloy on EC2

Go to Grafana Cloud → Collector → Configure.
Create a new API token.
Copy & paste the installation command provided by Grafana into your EC2 instance.
After installation, go to:

cd /etc/alloy

Open the configuration file:

sudo nano config.alloy

Paste Alloy configuration: config.alloy (Note: Do not change the creds of Prometheus and Loki and remotecfg.)

Comment your GitHub profile, and I’ll share the config.alloy file.

Restart Alloy:

sudo systemctl restart alloy.service

Go to Grafana Cloud and confirm that Alloy is connected.

Step 2: Verify System Metrics in Grafana

Go to Grafana Cloud → Fleet Management.
Select the EC2 instance (identified by its IP).
Use Explore to verify that CPU, memory, disk and other system metrics are being received.

Step 3: Enable Apache mod_status

Edit status.conf:

sudo nano /etc/apache2/mods-available/status.conf

Add the following (if not present):

<Location "/server-status"> 
    SetHandler server-status 
    Require local 
</Location>

Restart Apache:

sudo systemctl restart apache2.service

Step 4: Enable PHP-FPM Status & Ping Pages

4.1 Update www.conf

Edit:

sudo nano /etc/php/8.1/fpm/pool.d/www.conf

Change / add the following:

listen.owner = www-data 
listen.group = www-data 
listen.mode = 0660 
ping.path = /ping  
pm.status_path = /status 
listen = /run/php/php8.1-fpm.sock

Restart PHP-FPM:

sudo systemctl restart php8.1-fpm

Check the /run/php/ the file (php8.1-fpm.sock) is created or not.

4.2 Create php-fpm-status.conf

Create file:

sudo nano /etc/apache2/conf-available/php-fpm-status.conf

Paste:

<Location "/status"> 
    SetHandler "proxy:unix:/run/php/php8.1-fpm.sock|fcgi://localhost" 
</Location> 

<Location "/ping"> 
    SetHandler "proxy:unix:/run/php/php8.1-fpm.sock|fcgi://localhost" 
</Location>

Restart services:

sudo systemctl restart apache2 
sudo systemctl restart php8.1-fpm

Step 5: Enable Required Apache Modules

sudo a2enmod proxy proxy_fcgi setenvif 
sudo a2enconf php-fpm-status 
sudo systemctl restart apache2

Step 6: Install PHP-FPM Exporter

6.1 Download & Install Exporter

wget https://github.com/hipages/php-fpm_exporter/releases/download/v2.2.0/php-fpm_exporter_2.2.0_linux_amd64.tar.gz  
tar -xvzf php-fpm_exporter*.tar.gz  
sudo mv php-fpm_exporter /usr/local/bin/

6.2 Create Exporter User

sudo useradd --system --no-create-home --shell /usr/sbin/nologin phpfpm_exporter 
sudo usermod -aG www-data phpfpm_exporter

6.3 Create Systemd Service

sudo nano /etc/systemd/system/php-fpm-exporter.service

Paste:

[Unit] 
Description=PHP-FPM Prometheus Exporter 
After=network.target 

[Service] 
User=phpfpm_exporter 
Group=www-data 
ExecStart=/usr/local/bin/php-fpm_exporter server \ 
  --phpfpm.scrape-uri='unix:///run/php/php8.1-fpm.sock;/status' \ 
  --web.listen-address=':9253' 
Restart=always 
RestartSec=5 

[Install] 
WantedBy=multi-user.target

6.4 Start the Service

sudo systemctl daemon-reload 
sudo systemctl enable --now php-fpm-exporter 
sudo systemctl status php-fpm-exporter

6.5 Test Metrics

curl http://127.0.0.1/status 
curl http://127.0.0.1:9253/metrics

Now restart Alloy:

sudo systemctl restart alloy

Step 7: Verify PHP-FPM Metrics in Grafana

Return to Grafana Cloud → Explore.
Search for PHP-FPM metrics such as:

1. phpfpm_active_processes 
2. phpfpm_requests_total 
3. phpfpm_slow_requests

Confirm that all Apache, System, PHP-FPM metrics are now visible.

Unlocking Business Insights with AWS QuickSight

Smit Vaghasiya — Tue, 11 Nov 2025 11:08:08 +0000

In today’s data-driven world, every organization wants to transform raw data into meaningful insights that drive smarter decisions. Yet, traditional business intelligence (BI) tools often come with steep licensing costs, complex infrastructure requirements, and scalability challenges.
That’s where AWS QuickSight steps in — Amazon’s fully managed, serverless BI service designed for modern, cloud-native analytics.

What Is AWS QuickSight?

AWS QuickSight is a scalable, pay-per-session analytics service that allows businesses to visualize data, perform ad-hoc analysis, and share interactive dashboards securely. Unlike traditional BI tools that require manual setup and management, QuickSight integrates seamlessly with your existing AWS ecosystem — including S3, RDS, Redshift, Athena, and even third-party data sources like Salesforce or Excel files.

QuickSight eliminates the need for maintaining servers or infrastructure. You simply connect your data sources, prepare datasets, and start building dashboards using a clean, intuitive drag-and-drop interface.

Key Features That Make QuickSight Stand Out

Serverless and Fully Managed: No servers to deploy or maintain — AWS automatically scales resources as per your workload.
Pay-per-Session Pricing: You only pay when users access dashboards, making it ideal for organizations with variable analytics needs.
AI-Powered Insights (ML Insights): QuickSight’s machine learning capabilities help detect anomalies, forecast trends, and highlight patterns that traditional dashboards might miss.
Seamless AWS Integration: Natively connects with AWS data services — ensuring real-time and secure access to your cloud data.
Embedded Analytics: QuickSight allows embedding dashboards into web apps or internal portals, enabling a smooth experience for business users.

How I Used QuickSight for Business Analytics

I implemented AWS QuickSight to analyze application data and generate actionable business insights.
Our goal was to create an automated pipeline that could process raw data, transform it into meaningful metrics, and visualize trends for better decision-making.

Here’s how we approached it:

Data Collection: We extracted raw data directly from the application and stored it in Amazon S3 for centralized access and durability.
Data Processing: The data was cleaned, transformed, and prepared using processing scripts and queries to structure it for analytics.
Dataset Creation in QuickSight: The processed data from S3 was loaded into QuickSight datasets, where we applied custom SQL queries according to business requirements to filter, aggregate, and enrich the data.
Dashboard Design: Using QuickSight’s interactive visuals, we created dashboards showing:
a. Application usage trends
b. User engagement metrics
c. Operational efficiency insights
d. Cost and performance comparisons
Business Value: This solution helped convert raw application data into clear, visual insights, enabling stakeholders to identify growth areas, optimize operations, and make data-driven decisions effectively.

Why Businesses Should Choose QuickSight

Scalability: From startups to large enterprises, QuickSight scales automatically with growing data and users.
Accessibility: Users can access dashboards from browsers or mobile apps — no special software needed.
Security: Integrated with AWS IAM, VPCs, and KMS for secure access and data protection.
Speed: Data refreshes and visualizations happen almost instantly, enabling near real-time analytics.

Conclusion

AWS QuickSight isn’t just another BI tool — it’s a strategic enabler that helps organizations turn cloud data into business value. Whether you want to monitor costs, track sales, or visualize customer engagement, QuickSight gives you the speed, flexibility, and intelligence needed to stay ahead.

Revolutionary AI-Powered EC2 Analyzer

Smit Vaghasiya — Fri, 13 Jun 2025 04:35:53 +0000

Smit Vaghasiya

Jun 13 '25

Revolutionary AI-Powered EC2 Analyzer

#aws #ai #powerautomate #security

Comments 4

4 min read

Revolutionary AI-Powered EC2 Analyzer

Smit Vaghasiya — Fri, 13 Jun 2025 04:35:16 +0000

A ground-breaking EC2 instance analysis tool that leverages advanced AI and machine learning to provide unprecedented insights into your AWS infrastructure.

🚀 Revolutionary Features

🤖 AI-Powered Analysis

Predictive Analytics: Forecast future resource needs, capacity planning, and failure prediction
Anomaly Detection: Advanced pattern recognition to identify subtle issues traditional monitoring misses
Intelligent Recommendations: Context-aware suggestions for optimization, security, and architecture
Comprehensive Insights: Multi-dimensional analysis covering optimization, security, cost, and performance

🔮 Predictive Capabilities

Future Resource Trends: Predict CPU, memory, and storage needs up to 12 months ahead
Failure Prediction: Identify potential failure points before they occur
Cost Forecasting: Project costs with market trends and optimization opportunities
Maintenance Scheduling: AI-recommended proactive maintenance windows

🚨 Advanced Anomaly Detection

Behavioural Pattern Analysis: Detect unusual usage patterns and configuration anomalies
Security Threat Detection: Identify potential security threats and attack patterns
Performance Deviation Analysis: Find performance issues indicating underlying problems
Cost Anomaly Detection: Discover billing irregularities and optimization opportunities

🧠 Intelligent Recommendations

Immediate Actions: Critical improvements with specific implementation steps
Strategic Improvements: Long-term optimization strategies with ROI calculations
Architecture Evolution: Modernization approaches and cloud-native transformation
Automation Opportunities: Self-healing configurations and monitoring automation
Compliance Roadmap: Security standards and governance policy enforcement

📋 Prerequisites

AWS Credentials: Configure AWS CLI or set environment variables
OpenAI API Key: Set OPENAI_API_KEY environment variable
Python 3.8+: Required for advanced AI features

🛠️ Installation

# Clone the repository
# (If you need access to the code, comment below)
git clone ##########################.git
cd ec2-ai-analyzer

# Install dependencies
pip install -r requirements.txt

# Set environment variables
export AWS_ACCESS_KEY_ID="your-aws-access-key"
export AWS_SECRET_ACCESS_KEY="your-aws-secret-key"
export AWS_DEFAULT_REGION="us-east-1"
export OPENAI_API_KEY="your-openai-api-key"
export OPENAI_API_BASE="https://api.openai.com/v1"  # Optional: custom endpoint

🚀 Usage

Basic Analysis

# Analyze all instances with AI
python ec2_ai_analyzer.py --all

# Analyze specific instance
python ec2_ai_analyzer.py --instance i-1234567890abcdef0

# Set environment explicitly
python ec2_ai_analyzer.py --instance i-1234567890abcdef0 --env prod

# Interactive mode
python ec2_ai_analyzer.py

🎯 AI Analysis Types

1. Predictive Analysis

Future CPU Trends: 30-day, 90-day, and yearly predictions
Capacity Planning: Scaling thresholds and optimal instance counts
Failure Prediction: Probability analysis and preventive actions
Cost Forecasting: Multi-timeframe cost projections

2. Anomaly Detection

Usage Anomalies: Unusual CPU, memory, and network patterns
Security Anomalies: Potential threats and misconfigurations
Performance Anomalies: Resource utilization deviations
Cost Anomalies: Billing irregularities and optimization opportunities

3. Intelligent Recommendations

Immediate Actions: 🚨 Critical fixes with specific steps
Strategic Improvements: 📈 Long-term optimization strategies
Architecture Evolution: 🏗️ Modernization and containerization
Automation Opportunities: 🤖 Self-healing and monitoring automation
Compliance Roadmap: ✅ Security and governance requirements

4. Comprehensive Insights

Optimization Insights: Performance and cost optimization opportunities
Security Insights: Vulnerability assessments and hardening recommendations
Architecture Insights: Modernization and cloud-native transformation
Cost Insights: Savings opportunities and budget optimization

📊 Output Features

Enhanced Visualization

Color-coded Results: Severity-based color coding for easy identification
Confidence Scores: AI confidence levels for each recommendation
Impact Assessment: Critical, high, medium, low impact categorization
Implementation Timelines: Estimated time to implement recommendations

Detailed Metrics

Risk Scores: Quantified risk assessment (0-100)
Estimated Savings: Dollar amounts for cost optimization opportunities
Performance Gains: Expected improvements from recommendations
Compliance Scores: Security and governance compliance ratings

🔧 Configuration

Environment-Specific Settings

The analyzer adapts its recommendations based on environment:

Development: Relaxed security, cost-focused recommendations
Staging: Balanced approach with moderate security requirements
Production: Strict security, high availability, and performance focus

AI Optimization Levels

Basic: Essential AI insights and recommendations
Intermediate: Enhanced analysis with predictive capabilities
Advanced: Full AI suite with comprehensive insights and automation

🛡️ Security Features

Traditional Security Checks

IAM instance profile validation
IMDSv2 enforcement verification
Security group analysis
VPC and subnet configuration review
EBS encryption validation

AI-Enhanced Security

Threat Pattern Recognition: Advanced security threat detection
Behavioural Analysis: Unusual access pattern identification
Vulnerability Assessment: AI-powered security gap analysis
Compliance Monitoring: Automated compliance requirement tracking

💡 Innovation Highlights

Revolutionary AI Integration

Multi-Model Analysis: Combines multiple AI models for comprehensive insights
Contextual Intelligence: Environment-aware recommendations
Predictive Modelling: Future-state analysis and planning
Pattern Recognition: Advanced anomaly and threat detection
Automated Optimization: Self-improving recommendations

Advanced Features

Parallel Processing: Concurrent AI analysis for faster results
Real-time Insights: Live analysis with immediate recommendations
Historical Correlation: Pattern analysis across time periods
Cross-Instance Analysis: Fleet-wide optimization opportunities

🎯 Use Cases

DevOps Teams

Infrastructure Optimization: AI-driven performance tuning
Cost Management: Intelligent cost reduction strategies
Security Hardening: Automated security improvement recommendations
Capacity Planning: Predictive scaling and resource allocation

Cloud Architects

Architecture Modernization: Cloud-native transformation guidance
Technology Migration: Container and serverless migration strategies
Best Practices: AI-curated industry best practices
Compliance Management: Automated governance and compliance

Security Teams

Threat Detection: Advanced security threat identification
Vulnerability Management: AI-powered security gap analysis
Compliance Monitoring: Continuous compliance assessment
Risk Assessment: Quantified security risk evaluation

🔮 Future Enhancements

Machine Learning Model Training: Custom models for specific environments
Integration APIs: REST API for programmatic access
Dashboard Interface: Web-based visualization and reporting
Automated Remediation: Self-healing infrastructure capabilities
Multi-Cloud Support: Analysis across AWS, Azure, and GCP

📞 Support

For issues, feature requests, or questions about the AI-powered analysis capabilities, please refer to the documentation or contact the development team.

Powered by Advanced AI and Machine Learning 🤖

Revolutionary AI-Powered EC2 Analyzer

Smit Vaghasiya — Fri, 13 Jun 2025 04:35:16 +0000

A ground-breaking EC2 instance analysis tool that leverages advanced AI and machine learning to provide unprecedented insights into your AWS infrastructure.

🚀 Revolutionary Features

🤖 AI-Powered Analysis

Predictive Analytics: Forecast future resource needs, capacity planning, and failure prediction
Anomaly Detection: Advanced pattern recognition to identify subtle issues traditional monitoring misses
Intelligent Recommendations: Context-aware suggestions for optimization, security, and architecture
Comprehensive Insights: Multi-dimensional analysis covering optimization, security, cost, and performance

🔮 Predictive Capabilities

Future Resource Trends: Predict CPU, memory, and storage needs up to 12 months ahead
Failure Prediction: Identify potential failure points before they occur
Cost Forecasting: Project costs with market trends and optimization opportunities
Maintenance Scheduling: AI-recommended proactive maintenance windows

🚨 Advanced Anomaly Detection

Behavioural Pattern Analysis: Detect unusual usage patterns and configuration anomalies
Security Threat Detection: Identify potential security threats and attack patterns
Performance Deviation Analysis: Find performance issues indicating underlying problems
Cost Anomaly Detection: Discover billing irregularities and optimization opportunities

🧠 Intelligent Recommendations

Immediate Actions: Critical improvements with specific implementation steps
Strategic Improvements: Long-term optimization strategies with ROI calculations
Architecture Evolution: Modernization approaches and cloud-native transformation
Automation Opportunities: Self-healing configurations and monitoring automation
Compliance Roadmap: Security standards and governance policy enforcement

📋 Prerequisites

AWS Credentials: Configure AWS CLI or set environment variables
OpenAI API Key: Set OPENAI_API_KEY environment variable
Python 3.8+: Required for advanced AI features

🛠️ Installation

# Clone the repository
# (If you need access to the code, comment below)
git clone ##########################.git
cd ec2-ai-analyzer

# Install dependencies
pip install -r requirements.txt

# Set environment variables
export AWS_ACCESS_KEY_ID="your-aws-access-key"
export AWS_SECRET_ACCESS_KEY="your-aws-secret-key"
export AWS_DEFAULT_REGION="us-east-1"
export OPENAI_API_KEY="your-openai-api-key"
export OPENAI_API_BASE="https://api.openai.com/v1"  # Optional: custom endpoint

🚀 Usage

Basic Analysis

# Analyze all instances with AI
python ec2_ai_analyzer.py --all

# Analyze specific instance
python ec2_ai_analyzer.py --instance i-1234567890abcdef0

# Set environment explicitly
python ec2_ai_analyzer.py --instance i-1234567890abcdef0 --env prod

# Interactive mode
python ec2_ai_analyzer.py

🎯 AI Analysis Types

1. Predictive Analysis

Future CPU Trends: 30-day, 90-day, and yearly predictions
Capacity Planning: Scaling thresholds and optimal instance counts
Failure Prediction: Probability analysis and preventive actions
Cost Forecasting: Multi-timeframe cost projections

2. Anomaly Detection

Usage Anomalies: Unusual CPU, memory, and network patterns
Security Anomalies: Potential threats and misconfigurations
Performance Anomalies: Resource utilization deviations
Cost Anomalies: Billing irregularities and optimization opportunities

3. Intelligent Recommendations

Immediate Actions: 🚨 Critical fixes with specific steps
Strategic Improvements: 📈 Long-term optimization strategies
Architecture Evolution: 🏗️ Modernization and containerization
Automation Opportunities: 🤖 Self-healing and monitoring automation
Compliance Roadmap: ✅ Security and governance requirements

4. Comprehensive Insights

Optimization Insights: Performance and cost optimization opportunities
Security Insights: Vulnerability assessments and hardening recommendations
Architecture Insights: Modernization and cloud-native transformation
Cost Insights: Savings opportunities and budget optimization

📊 Output Features

Enhanced Visualization

Color-coded Results: Severity-based color coding for easy identification
Confidence Scores: AI confidence levels for each recommendation
Impact Assessment: Critical, high, medium, low impact categorization
Implementation Timelines: Estimated time to implement recommendations

Detailed Metrics

Risk Scores: Quantified risk assessment (0-100)
Estimated Savings: Dollar amounts for cost optimization opportunities
Performance Gains: Expected improvements from recommendations
Compliance Scores: Security and governance compliance ratings

🔧 Configuration

Environment-Specific Settings

The analyzer adapts its recommendations based on environment:

Development: Relaxed security, cost-focused recommendations
Staging: Balanced approach with moderate security requirements
Production: Strict security, high availability, and performance focus

AI Optimization Levels

Basic: Essential AI insights and recommendations
Intermediate: Enhanced analysis with predictive capabilities
Advanced: Full AI suite with comprehensive insights and automation

🛡️ Security Features

Traditional Security Checks

IAM instance profile validation
IMDSv2 enforcement verification
Security group analysis
VPC and subnet configuration review
EBS encryption validation

AI-Enhanced Security

Threat Pattern Recognition: Advanced security threat detection
Behavioural Analysis: Unusual access pattern identification
Vulnerability Assessment: AI-powered security gap analysis
Compliance Monitoring: Automated compliance requirement tracking

💡 Innovation Highlights

Revolutionary AI Integration

Multi-Model Analysis: Combines multiple AI models for comprehensive insights
Contextual Intelligence: Environment-aware recommendations
Predictive Modelling: Future-state analysis and planning
Pattern Recognition: Advanced anomaly and threat detection
Automated Optimization: Self-improving recommendations

Advanced Features

Parallel Processing: Concurrent AI analysis for faster results
Real-time Insights: Live analysis with immediate recommendations
Historical Correlation: Pattern analysis across time periods
Cross-Instance Analysis: Fleet-wide optimization opportunities

🎯 Use Cases

DevOps Teams

Infrastructure Optimization: AI-driven performance tuning
Cost Management: Intelligent cost reduction strategies
Security Hardening: Automated security improvement recommendations
Capacity Planning: Predictive scaling and resource allocation

Cloud Architects

Architecture Modernization: Cloud-native transformation guidance
Technology Migration: Container and serverless migration strategies
Best Practices: AI-curated industry best practices
Compliance Management: Automated governance and compliance

Security Teams

Threat Detection: Advanced security threat identification
Vulnerability Management: AI-powered security gap analysis
Compliance Monitoring: Continuous compliance assessment
Risk Assessment: Quantified security risk evaluation

🔮 Future Enhancements

Machine Learning Model Training: Custom models for specific environments
Integration APIs: REST API for programmatic access
Dashboard Interface: Web-based visualization and reporting
Automated Remediation: Self-healing infrastructure capabilities
Multi-Cloud Support: Analysis across AWS, Azure, and GCP

📞 Support

For issues, feature requests, or questions about the AI-powered analysis capabilities, please refer to the documentation or contact the development team.

Powered by Advanced AI and Machine Learning 🤖

Scaling Your Node.js App with PM2: Cluster Mode vs Fork Mode

Smit Vaghasiya — Mon, 28 Apr 2025 10:30:26 +0000

If you’re building a production-grade Node.js application, you’ve probably heard of PM2 — a powerful process manager that helps you manage and keep your application alive forever.

But did you know PM2 supports multi-threading using cluster mode?

In this article, I’ll walk you through the difference between Cluster mode and Fork mode in PM2, and how to use them with a real example using ecosystem.config.js.

🧠 What is PM2?

PM2 is a production process manager for Node.js applications. It handles:

Process management
Load balancing
Automatic restarts
Monitoring and logging

You can install it globally using:

sudo npm install -g pm2

Check the version to ensure it’s installed:

pm2 --version

🔁 Fork Mode (Single-threaded)

Fork mode is the default mode in PM2. It runs a single instance of your app per pm2 process. This is useful for simple apps or scripts that don’t require multithreading or load balancing.

Example config:

module.exports = {
  apps: [
    {
      name: "my_app",            // Replace with your desired app name 
      script: "npm",
      args: "run dev",
      env: {
        NODE_ENV: "production"
      }
    }
  ]
};

Start it with:

pm2 start ecosystem.config.js

⚡ Cluster Mode (Multi-threaded / Load-balanced)

If your app is CPU-bound or needs to handle multiple requests efficiently, cluster mode is your friend. It uses the cluster module internally to spin up multiple instances (forks) of your app — one for each CPU core.

This brings:

Better performance
Automatic load balancing
Multi-core CPU usage

For Cluster mode, you can install it globally using:

sudo npm install -g @socket.io/pm2

Example config:

module.exports = {
    apps: [
        {
            name: "my_app", 
            script: "index.js", // Your app’s entry point
            instances: "max",   // Automatically uses all CPU cores
            exec_mode: "cluster", 
            env: {
                NODE_ENV: "production"
            }
        }
    ]
};

Start it with:

pm2 start ecosystem.config.js

This will run your app in cluster mode, utilizing all CPU cores efficiently.

✅ When to Use What?

|Mode           |Use When...                                                |
|---------------|-----------------------------------------------------------|
|Fork Mode      |Simpler apps, background jobs, or single-threaded logic    |
|Cluster Mode   |You want to scale across all CPU cores and handle more load|

🧪 Final Steps: Useful PM2 Commands

Check app status: pm2 status
View logs: pm2 logs
Restart app: pm2 restart all
Stop app: pm2 stop my_app
Save process list for auto-start on reboot: pm2 save
Start automatically on server reboot: pm2 startup
Follow the command after pm2 startup it gives: sudo env PATH=$PATH:/home/ubuntu/.nvm/versions/node/vXX.X.X/bin pm2 startup systemd -u ubuntu --hp /home/ubuntu)

Conclusion

Using PM2 with cluster mode can significantly boost your app’s performance by utilizing all available CPU cores. It’s an easy way to scale your Node.js app without switching to more complex solutions.

Let me know in the comments how you're using PM2, or if you’ve tried out both modes!

Monitor Your Services with Gatus + Docker (Alternative to Uptime Kuma)

Smit Vaghasiya — Fri, 11 Apr 2025 06:40:03 +0000

Gatus is a lightweight, open-source uptime monitoring tool that checks your endpoints, evaluates conditions, and sends alerts (Slack, Discord, etc.). Perfect for DevOps and developers who want a simple yet powerful monitoring solution.

Prerequisites

Docker & Docker Compose installed
A Slack webhook URL (for alerts) – Get it here

Step 1: Setup Directory Structure
Create a folder named gatus with subfolders for configs and data:

mkdir -p gatus
cd gatus/
mkdir config data

Your structure should look like this:

gatus/  
├── docker-compose.yml  
├── config/  
│   └── config.yaml  # Monitoring rules & alerts  
└── data/            # Database storage

Step 2: Configure docker-compose.yml
Paste this into gatus/docker-compose.yml:

services:
  gatus:
    image: twinproduction/gatus:latest
    ports:
      - "7777:8080"
    volumes:
      - ./config:/config
      - ./data:/data/
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    environment:
      - TZ=Asia/Kolkata

Step 3: Configure config.yaml
Edit gatus/config/config.yaml (example below checks a website and alerts via Slack):

alerting:
  slack:
    webhook-url: "https://hooks.slack.com/services/................."
    default-alert:
      failure-threshold: 3
      send-on-resolved: true
      send-on-recovery: true

security:
  basic:
    username: "gatus"
    password-bcrypt-base64: "JDJ5JDA5JDdDb1k5UC5LMGRBdGszTTA0SHE1ZGVRdkFnTzgxTUNkemVQbXI1SjQ3eTVrNVc1Mi80ZS5L"

storage:
  type: sqlite
  path: /data/data.db


endpoints:
  - name: Buyer Panel Failed
    group: AWS
    url: "https://domain-name.com"
    interval: 30s
    conditions:
      - "[STATUS] == 200"
      - "[RESPONSE_TIME] < 1000"
    alerts:
      - type: slack
        description: "Buyer Panel in AWS is failed."

  - name: Vendor Panel Failed
    group: Google
    url: "https://domain-name.com/"
    interval: 30s
    conditions:
      - "[STATUS] == 200"
      - "[CERTIFICATE_EXPIRATION] > 48h"
      - "[RESPONSE_TIME] < 1000"
    alerts:
      - type: slack
        description: "Vendor Panel in Google is failed"

🔐 Generate Secure Credentials

Hash a password with bcrypt.online (e.g., mypassword → $2a$...). - Link
Encode the hash in Base64 (for YAML safety). - Link

Step 4: Launch Gatus
Run:

cd gatus && docker-compose up -d

Access the dashboard at:
👉 http://localhost:7777

Why Gatus?
✅ Lightweight, easy Docker setup
✅ Condition-based monitoring (status codes, response time)
✅ Slack/Discord/PagerDuty alerts
✅ Built-in authentication

GitHub Repo: Link

💬 Need help? Drop a comment! If you’ve used Uptime Kuma before, how does Gatus compare for your needs?

Implementing Pre-Signed URLs for Secure Access to Static Content

Smit Vaghasiya — Wed, 26 Mar 2025 13:27:36 +0000

Secure Access to Amazon CloudFront Content Using Pre-Signed URLs

Overview

Amazon CloudFront provides a way to restrict access to static content using pre-signed URLs. This implementation ensures that only authorized users can access the content by requiring a signed URL generated with a private key.

This document details the step-by-step process of setting up pre-signed URLs for secure access to CloudFront content.

Prerequisites

AWS Account with necessary IAM permissions
OpenSSL installed on your local machine
AWS CLI installed and configured
AWS SDK installed in your application

Step 1: Generate Public and Private Key Pair

CloudFront requires a public-private key pair for signing URLs.

💡 Commands

Open a terminal and run the following OpenSSL command to generate a 2048-bit RSA key pair:

openssl genrsa -out private_key.pem 2048
openssl rsa -pubout -in private_key.pem -out public_key.pem

Step 2: Upload the Public Key to CloudFront

Sign in to the AWS Management Console.
Navigate to CloudFront.
In the left pane, select Public Keys under Key Management.
Click Create public key.
Paste the copied content into the Public Key field.
Click Create.

Step 3: Create a Key Group in CloudFront

In the AWS CloudFront console, navigate to Key Groups.
Click Create key group.
Under Public Keys, select the previously created public key (e.g., CloudFrontKey).
Click Create key group.

Step 4: Modify CloudFront Distribution to Restrict Viewer Access

Go to the CloudFront Distributions section.
Select the desired CloudFront distribution.
Click the Behaviors tab and select the behavior associated with the static content.
In Restrict Viewer Access, choose Yes.
Under Trusted Key Groups, select the created key group (e.g., TrustedUsersKeyGroup).
Click Save Changes.

Step 5: Install AWS SDK for Application Integration

The AWS SDK will be used to generate signed URLs in the application.

Conclusion

You have successfully implemented pre-signed URLs for secure access to static content in AWS CloudFront. This ensures that only users with a valid signed URL can access the content while preventing unauthorized access.

Additional Security Considerations

Store the private key securely using AWS Secrets Manager or another secure storage.
Rotate the private key periodically for enhanced security.

K8s Cluster Configuration Backup - By Velero

Smit Vaghasiya — Wed, 05 Mar 2025 08:03:29 +0000

This documentation provides detailed steps for taking a backup and restoring Kubernetes resources, including persistent volume data, using Velero in an Amazon EKS cluster.

1. Overview
Velero is an open-source tool used for backup and restore, disaster recovery, and migration of Kubernetes resources and persistent volumes. In Amazon EKS, Velero is used to back up:
Kubernetes Objects: Configurations, resources, etc.
Persistent Volume Data: Application data stored in persistent volumes.

2. Prerequisites
Before starting the backup and restore process, ensure the following prerequisites are met:

Amazon EKS Cluster: Ensure your cluster is up and running.
kubectl: Installed and configured to communicate with your cluster.
AWS S3 Bucket: An Amazon S3 bucket to store backups.
AWS IAM User with S3 Access: Permissions to read/write to the S3 bucket. Velero CLI: Installed on your local system.

3. Install Velero CLI
Download and install the Velero CLI (compatible version with AWS EKS) on your local system:

curl -LO https://github.com/vmware-tanzu/velero/releases/download/v1.15.1/velero-v1.15.1-linux-amd64.tar.gz
tar -xzf velero-v1.15.1-linux-amd64.tar.gz
sudo mv velero-v1.15.1-linux-amd64/velero /usr/local/bin/

4. Install Velero on Kubernetes Cluster
Create IAM User and Policy:
Create an IAM policy with permissions to access S3 and EC2 (for volume snapshots).
Attach the policy to a new IAM user and generate API access keys (access key ID and secret access key).
Create S3 Bucket:
Create a new Amazon S3 bucket to store backups.
Install Velero in the cluster:

velero install \
    --provider aws \
    --plugins velero/velero-plugin-for-aws:v1.5.2 \
    --bucket <your-velero-backup-bucket> \
    --backup-location-config region=<aws-region> \
    --secret-file ./credentials-velero \
    --use-volume-snapshots=true \
    --use-restic

Replace with your S3 bucket name and with your desired AWS region.

5. Configure AWS IAM Permissions
Ensure that the AWS IAM user used by Velero has the necessary permissions to interact with the S3 bucket and perform volume snapshots. Below is an example IAM policy for Velero:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::<your-velero-backup-bucket>",
                "arn:aws:s3:::<your-velero-backup-bucket>/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeVolumes",
                "ec2:CreateSnapshot",
                "ec2:DeleteSnapshot"
            ],
            "Resource": "*"
        }
    ]
}

6. Create Backup
To create a backup of your Kubernetes cluster (including all objects and persistent volumes):

velero backup create brand-name-cluster-backup --include-cluster-resources=true --include-namespaces '*' --ttl 72h

7. Check Backup Status
To check the status of your backup:

velero backup get

This will display a list of all backups and their status.
You can remove the resources from the existing configuration for testing.

8. Restore Backup
To restore the backup from S3:

velero restore create --from-backup <backup-name>

Where is the name of the backup you created earlier (e.g., cluster-backup).

9. Automate Backups with CronJobs
You can set up automated backups using Kubernetes CronJobs. Below is an example of a CronJob configuration that runs daily backups at midnight UTC:

apiVersion: batch/v1
kind: CronJob
metadata:
  name: velero-backup
  namespace: velero
spec:
  schedule: "0 0 * * *"  # Runs daily at midnight UTC
  jobTemplate:
    spec:
      template:
        spec:
          containers:
          - name: velero
            image: velero/velero:latest
            command: ["/bin/sh", "-c"]
            args:
              - velero backup create daily-cluster-backup --include-namespaces '*' --ttl 72h;
          restartPolicy: OnFailure

To apply this CronJob: kubectl apply -f velero-backup-cronjob.yaml

Conclusion
You have now successfully set up Velero to take backups of your Kubernetes cluster, including both configurations and persistent volumes. You can do restore backups as needed or automate backups with Cronjobs.

Setting Up VPC Peering for Secure Access to ElastiCache in a Private Subnet

Smit Vaghasiya — Wed, 22 Jan 2025 13:45:04 +0000

When working with Amazon ElastiCache hosted in a private subnet, ensuring secure and seamless connectivity is crucial. In scenarios where a VPN is used for accessing resources, VPC peering is an effective solution to enable communication between the VPN VPC and the ElastiCache VPC. Here's a step-by-step guide to configure and use this setup efficiently:

Why VPC Peering?

VPC peering allows you to route traffic between two VPCs using private IP addresses. It's particularly useful when resources like ElastiCache are isolated in a private subnet for security purposes and you need to access them from another VPC, such as one connected via VPN.

Steps to Configure VPC Peering

1. Create a VPC Peering Connection: Establish a peering connection between the VPN VPC and the ElastiCache VPC. Make sure both VPCs are in the same AWS Region or across supported Regions.

2. Update Route Tables: Add the CIDR range of the VPN VPC to the route table of the private subnet in the ElastiCache VPC. Similarly, add the CIDR range of the ElastiCache VPC to the route table in the VPN VPC.

3. Modify Security Groups: Configure the security groups associated with the ElastiCache instance to allow inbound traffic from the CIDR range of the VPN VPC. This ensures that only traffic from the VPN-connected devices can access ElastiCache.

4. Test the Connection: To connect to ElastiCache:
~ First, establish a VPN connection to the VPN VPC.
~ Once connected to the VPN, you can interact with the ElastiCache instance as though it is within the same network.

Key Considerations
DNS Resolution: If you're using ElastiCache with a domain name, ensure that DNS resolution is enabled for the peering connection.

Latency: VPC peering ensures low-latency connectivity as it avoids the public internet.

Final Thoughts
By configuring VPC peering and route tables appropriately, you can seamlessly access ElastiCache in a private subnet via a VPN. This setup combines security, performance, and flexibility, enabling you to leverage ElastiCache efficiently in your applications.

Amazon SES Setup for Tracking Bounces and Complaints

Smit Vaghasiya — Fri, 10 Jan 2025 06:45:34 +0000

Objective

To configure Amazon SES to capture and analyze bounce and complaint notifications for emails sent through SES, ensuring efficient handling of email delivery issues and maintaining sender reputation.

Set Up Amazon SES

Verify Your Domain/Email Address:

Go to the Amazon SES console.
Verify the email addresses or domain from which you plan to send emails.
Optional: Add the TXT, CNAME, and MX records to your DNS for domain verification (if sending from a domain).

Optional: Enable DKIM (DomainKeys Identified Mail):

In SES, enable DKIM to sign emails and improve deliverability.
Update your DNS with the DKIM records provided by SES.

Send Test Emails

Use the SES console or an application to send test emails to ensure the setup is correct.

Configure Bounce and Complaint Notifications

Create a Configuration Set:

In SES, create a configuration set to track email sending events like bounces or complaints. Attach Event Destinations:
Create new Amazon SNS as an event destination in the configuration set.
Specify which events (bounces/complaints) you want notifications for.

Note: Make the separate event destination for bounce and complaint in configuration set.

Set Up Amazon SNS for Notifications

Subscribe to the Topics:

Add subscriptions to the topics based on your preference:
Email (to receive notifications in your inbox).

Outcome

By completing this setup, you will:

Automatically track emails that are bounced or marked as complaints.
Receive notifications through Amazon SNS.
Use the data to improve email deliverability and reduce sending to invalid or flagged addresses.
You can also check the suppression list in SES to see the list of bounce and complaint.