Posts

Showing posts from June, 2025

📘 How to Send Apache + ModSecurity Logs to AWS CloudWatch Logs on EC2

In this guide, you'll learn how to forward ModSecurity logs from Apache to AWS CloudWatch Logs using the CloudWatch Agent on an EC2 instance with an IAM Role, and ensure it runs reliably using systemd.

✅ Prerequisites

- An EC2 instance (Ubuntu/Debian)
- Apache2 and ModSecurity installed
- Instance has an IAM Role attached with permission: CloudWatchAgentServerPolicy or:

    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents",
        "logs:DescribeLogStreams"
      ],
      "Resource": "*"
    }

⚙️ Step 1: Install the CloudWatch Agent

    cd /opt
    curl -O https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb
    sudo dpkg -i amazon-cloudwatch-agent.deb

🛠️ Step 2: Create the Agent Configuration File

Save this file as /opt/cloudwatch-config.json:

    { "logs": { "logs_colle...

🔐 How to Connect to Amazon RDS MySQL with IAM Authentication

Amazon RDS supports IAM-based authentication for MySQL. This means you no longer need to hardcode passwords in your code or scripts — instead, you generate a temporary IAM token securely. But setting it up can get tricky.

In this guide, you'll learn:

✅ How to configure IAM auth for MySQL
✅ How to grant user access
✅ How to import a .sql file securely
✅ How to fix common errors like ERROR 1045 and plugin not enabled

✅ Step 1: Enable IAM DB Authentication on Your RDS Instance

- Go to RDS Console > Your DB > Modify
- Scroll to "IAM DB Authentication"
- Set to ✅ Enabled
- Apply changes (Apply immediately)

This allows your MySQL instance to accept login using IAM tokens.

✅ Step 2: Create a MySQL User with IAM Plugin

Connect using the master user:

    mysql -h <rds-endpoint> -u <master-user> -p

Create a new user (e.g. wordpress_db_user) with IAM support:

    CREATE USER 'wordpress_db_user'@'%' IDENTIFIED WITH AWSAuthenticationPl...