diff --git a/modules/monitoring/README.md b/modules/monitoring/README.md
new file mode 100644
index 0000000..6705d1a
--- /dev/null
+++ b/modules/monitoring/README.md
@@ -0,0 +1,3 @@
+# GraphDB AWS Configuration Module
+
+TBD
diff --git a/modules/monitoring/main.tf b/modules/monitoring/main.tf
new file mode 100644
index 0000000..3c712d5
--- /dev/null
+++ b/modules/monitoring/main.tf
@@ -0,0 +1,25 @@
+resource "aws_cloudwatch_dashboard" "main" {
+  dashboard_name = "${var.resource_name_prefix}-dashboard"
+
+  dashboard_body = jsonencode({
+    widgets = [
+      {
+        "height": 6,
+        "width": 6,
+        "y": 0,
+        "x": 0,
+        "type": "metric",
+        "properties": {
+          "metrics": [
+            [ { "expression": "SELECT AVG(graphdb_cpu_load) FROM \"GraphDB-Metrics\" GROUP BY host", "id": "q1", "label": "CPU", "${var.aws_region}": "eu-central-1", "stat": "Average" } ]
+          ],
+          "region": var.aws_region,
+          "stacked": false,
+          "view": "timeSeries",
+          "period": 300,
+          "stat": "Average"
+        }
+      }
+    ]
+  })
+}
\ No newline at end of file
diff --git a/modules/monitoring/outputs.tf b/modules/monitoring/outputs.tf
new file mode 100644
index 0000000..e69de29
diff --git a/modules/monitoring/variables.tf b/modules/monitoring/variables.tf
new file mode 100644
index 0000000..5d2d584
--- /dev/null
+++ b/modules/monitoring/variables.tf
@@ -0,0 +1,9 @@
+variable "resource_name_prefix" {
+  description = "Resource name prefix used for tagging and naming AWS resources"
+  type        = string
+}
+
+variable "aws_region" {
+  description = "AWS region where GraphDB is being deployed"
+  type        = string
+}
\ No newline at end of file
diff --git a/modules/user_data/templates/start_graphdb.sh.tpl b/modules/user_data/templates/start_graphdb.sh.tpl
index 895860a..f7679cb 100644
--- a/modules/user_data/templates/start_graphdb.sh.tpl
+++ b/modules/user_data/templates/start_graphdb.sh.tpl
@@ -231,6 +231,9 @@ echo 'fs.file-max = 262144' | tee -a /etc/sysctl.conf
 
 sysctl -p
 
+chown -R graphdb:graphdb /etc/graphdb/ /etc/prometheus/
+amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -s -c file:/etc/graphdb/cloudwatch-agent-config.json
+
 # the proxy service is set up in the AMI but not enabled there, so we enable and start it
 systemctl daemon-reload
 systemctl start graphdb