diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..b2dadf3
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,9 @@
+root = true
+
+[*]
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+indent_style = space
+indent_size = 2
diff --git a/examples/vpc-with-multiple-az/main.tf b/examples/vpc-with-multiple-az/main.tf
index 23e30e2..9a9043b 100644
--- a/examples/vpc-with-multiple-az/main.tf
+++ b/examples/vpc-with-multiple-az/main.tf
@@ -28,3 +28,10 @@ module "graphdb" {
 ami_id = var.ami_id
 graphdb_version = var.graphdb_version
 }
+
+module "monitoring" {
+ source = "./monitoring"
+
+ aws_region = var.aws_region
+ resource_name_prefix = var.resource_name_prefix
+}
\ No newline at end of file
diff --git a/examples/vpc-with-multiple-az/monitoring/README.md b/examples/vpc-with-multiple-az/monitoring/README.md
new file mode 100644
index 0000000..a68a5f2
--- /dev/null
+++ b/examples/vpc-with-multiple-az/monitoring/README.md
@@ -0,0 +1,3 @@
+# GraphDB AWS Monitoring Module
+
+This module adds metrics scraping from GraphDB cluster to Cloudwatch.
diff --git a/examples/vpc-with-multiple-az/monitoring/main.tf b/examples/vpc-with-multiple-az/monitoring/main.tf
new file mode 100644
index 0000000..ed3c8ca
--- /dev/null
+++ b/examples/vpc-with-multiple-az/monitoring/main.tf
@@ -0,0 +1,25 @@
+resource "aws_cloudwatch_dashboard" "main" {
+ dashboard_name = "${var.resource_name_prefix}-dashboard"
+
+ dashboard_body = jsonencode({
+ widgets = [
+ {
+ "height": 6,
+ "width": 6,
+ "y": 0,
+ "x": 0,
+ "type": "metric",
+ "properties": {
+ "metrics": [
+ [ { "expression": "SELECT AVG(graphdb_cpu_load) FROM \"${var.resource_name_prefix}-graphdb\" GROUP BY host", "id": "q1", "label": "CPU", "region": var.aws_region, "stat": "Average" } ]
+ ],
+ "region": var.aws_region,
+ "stacked": false,
+ "view": "timeSeries",
+ "period": 300,
+ "stat": "Average"
+ }
+ }
+ ]
+ })
+}
\ No newline at end of file
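Review bot: The namespace `"${var.resource_name_prefix}-graphdb"` inside the `expression` string in monitoring/main.tf is a second, independent copy of the name that start_graphdb.sh.tpl writes into the agent's `metric_namespace`, and nothing ties the two together. If either side changes, the dashboard keeps applying cleanly but shows no data. A comment above the widget would make the coupling visible, for example `# Namespace must match emf_processor.metric_namespace set in modules/user_data/templates/start_graphdb.sh.tpl`. The prefix is also spliced into a quoted Metrics Insights identifier without any constraint, so a `validation` block on `resource_name_prefix` in monitoring/variables.tf (for instance `condition = can(regex("^[A-Za-z0-9-]+$", var.resource_name_prefix))`) would keep a stray quote from producing a malformed query.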
diff --git a/examples/vpc-with-multiple-az/monitoring/outputs.tf b/examples/vpc-with-multiple-az/monitoring/outputs.tf new file mode 100644 index 0000000..e69de29 diff --git a/examples/vpc-with-multiple-az/monitoring/variables.tf b/examples/vpc-with-multiple-az/monitoring/variables.tf new file mode 100644 index 0000000..5d2d584 --- /dev/null +++ b/examples/vpc-with-multiple-az/monitoring/variables.tf @@ -0,0 +1,9 @@ +variable "resource_name_prefix" { + description = "Resource name prefix used for tagging and naming AWS resources" + type = string +} + +variable "aws_region" { + description = "AWS region where GraphDB is being deployed" + type = string +} \ No newline at end of file diff --git a/examples/vpc-with-multiple-az/monitoring/versions.tf b/examples/vpc-with-multiple-az/monitoring/versions.tf new file mode 100644 index 0000000..761245a --- /dev/null +++ b/examples/vpc-with-multiple-az/monitoring/versions.tf @@ -0,0 +1,10 @@ +terraform { + required_version = ">= 1.4.0" + + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 5.15" + } + } +} diff --git a/modules/iam/main.tf b/modules/iam/main.tf index ee17888..71b0f19 100644 --- a/modules/iam/main.tf +++ b/modules/iam/main.tf @@ -3,6 +3,11 @@ resource "aws_iam_instance_profile" "graphdb" { role = var.user_supplied_iam_role_name != null ? var.user_supplied_iam_role_name : aws_iam_role.graphdb[0].name } +resource "aws_iam_role_policy_attachment" "cloudwatch-agent-policy" { + role = aws_iam_role.graphdb[0].id + policy_arn = "arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy" +} + resource "aws_iam_role" "graphdb" { count = var.user_supplied_iam_role_name != null ? 0 : 1 name_prefix = "${var.resource_name_prefix}-graphdb-" diff --git a/modules/user_data/main.tf b/modules/user_data/main.tf index 643d7c5..1601317 100644 --- a/modules/user_data/main.tf +++ b/modules/user_data/main.tf 
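Review bot: The new `aws_iam_role_policy_attachment` in modules/iam/main.tf indexes `aws_iam_role.graphdb[0]` unconditionally, but the role in the context lines below it is declared with `count = var.user_supplied_iam_role_name != null ? 0 : 1`. When a caller supplies their own role, that reference points at an empty tuple and the plan should fail. Give the attachment the same guard, `count = var.user_supplied_iam_role_name != null ? 0 : 1`, and document that a user-supplied role must carry the CloudWatch agent permissions itself. Separately, `CloudWatchAgentServerPolicy` is not scoped to the `<prefix>-graphdb` log group and namespace this change configures, so a scoped inline policy would be closer to least privilege if the agent needs nothing else. The hard-coded `arn:aws:iam::aws:` partition will also not resolve outside the standard partition.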
@@ -27,6 +27,7 @@ locals { zone_id = var.zone_id jvm_max_memory = local.jvm_max_memory + resource_name_prefix = var.resource_name_prefix } ) } diff --git a/modules/user_data/templates/start_graphdb.sh.tpl b/modules/user_data/templates/start_graphdb.sh.tpl index 895860a..a3830b6 100644 --- a/modules/user_data/templates/start_graphdb.sh.tpl +++ b/modules/user_data/templates/start_graphdb.sh.tpl @@ -231,6 +231,14 @@ echo 'fs.file-max = 262144' | tee -a /etc/sysctl.conf sysctl -p +tmp=$(mktemp) +jq '.logs.metrics_collected.prometheus.log_group_name = "${resource_name_prefix}-graphdb"' /etc/graphdb/cloudwatch-agent-config.json > "$tmp" && mv "$tmp" /etc/graphdb/cloudwatch-agent-config.json +jq '.logs.metrics_collected.prometheus.emf_processor.metric_namespace = "${resource_name_prefix}-graphdb"' /etc/graphdb/cloudwatch-agent-config.json > "$tmp" && mv "$tmp" /etc/graphdb/cloudwatch-agent-config.json +cat /etc/prometheus/prometheus.yaml | yq '.scrape_configs[].static_configs[].targets = ["localhost:7201"]' > "$tmp" && mv "$tmp" /etc/prometheus/prometheus.yaml + +amazon-cloudwatch-agent-ctl -a start +amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -s -c file:/etc/graphdb/cloudwatch-agent-config.json + # the proxy service is set up in the AMI but not enabled there, so we enable and start it systemctl daemon-reload systemctl start graphdb diff --git a/variables.tf b/variables.tf index 6098808..c2ed882 100644 --- a/variables.tf +++ b/variables.tf @@ -121,7 +121,7 @@ variable "ami_id" { variable "graphdb_version" { description = "GraphDB version" type = string - default = "10.4.0-RC5" + default = "10.4.0-RC8" nullable = false }
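Review bot: In the start_graphdb.sh.tpl hunk, `${resource_name_prefix}` is substituted by Terraform directly into the text of a single-quoted jq filter, so a prefix containing a quote or backslash changes the filter or the shell quoting instead of being treated as data. Passing it as a jq variable keeps it a value, e.g. `jq --arg name "${resource_name_prefix}-graphdb" '.logs.metrics_collected.prometheus.log_group_name = $name' ...`, ideally combined with input validation on the Terraform variable. The same `$tmp` path is also reused after the first `mv` has consumed the file `mktemp` created, so the later `> "$tmp"` redirects recreate a known name in the temp directory without mktemp's exclusive-create guarantee; a fresh `mktemp` per rewrite, or a temp file next to the target, avoids that. Finally, a failed `jq`/`yq` skips only its own `mv`, and the agent is still started with the unmodified config. Whether the script runs under `set -e` is outside this hunk, so an explicit check before `amazon-cloudwatch-agent-ctl -a fetch-config ... -s` is worth adding, and the preceding `-a start` looks redundant given `-s`.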