EC2 monitoring tutorial highlights production security gap CIOs should know

A widely-shared Prometheus deployment guide demonstrates a common enterprise risk: lab-grade security configurations (open ports, 0.0.0.0/0 access rules) making their way into production environments. The tutorial ships what it promises - working EC2 monitoring in 30 minutes - but the security trade-offs deserve attention.

The Setup

A typical Prometheus + Node Exporter deployment on AWS EC2 follows this pattern: two Ubuntu instances, one running Node Exporter (exposing system metrics on port 9100), the other running Prometheus (scraping metrics on port 9090). The architecture works. It's also how 60%+ of Kubernetes clusters handle monitoring, according to CNCF's 2024 survey.

The tutorial in question gets you there fast - security groups wide open, all traffic from 0.0.0.0/0, minimal configuration. Perfect for learning. The problem shows up three months later when that "lab" setup is still running in production.

What's Actually Happening

This isn't about one tutorial. It's about a pattern. Quick-start guides optimise for speed, not security. They work - Node Exporter ships metrics, Prometheus scrapes them, Grafana visualises them. The technical implementation is sound. The security posture isn't.

The alternatives exist. CloudWatch Agent can scrape Prometheus metrics natively. Amazon Managed Grafana removes the self-hosting burden. Proper VPC segmentation, IAM roles, and security group scoping add complexity but close the exposure window. The question is whether teams circle back to harden what they built.

The Real Trade-off

This setup demonstrates a choice enterprise teams make constantly: velocity versus hardening. A two-instance Prometheus deployment gets you observability this afternoon. Properly scoped security groups, private subnets, and IAM policies take longer. Both ship. One scales safely.

The cloud monitoring segment sits at $25B+ globally (Gartner 2025 estimate). Most of that spend goes to vendors promising to remove exactly this kind of decision-making. The open-source path remains viable - Prometheus is community-driven, battle-tested, and free - but it demands you own the security implementation.

Worth Noting

If you're running Prometheus on EC2 in production, check your security groups. If they still say "All Traffic" from "0.0.0.0/0", you've got lab config in prod. The monitoring works. The question is what else works.
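As an added example (not code from the article or from the tutorial it discusses), here is a small audit that turns the "check your security groups" advice into a repeatable check: it takes security groups in the dict shape that boto3's describe_security_groups() returns (an assumption; the sample data is constructed) and reports any rule that opens Prometheus, Node Exporter or all traffic to 0.0.0.0/0 or ::/0, including wide TCP port ranges that happen to cover those ports.

```python
# Added audit helper, not code from the article: flags EC2 security-group rules
# that expose Prometheus (9090), Node Exporter (9100) or all traffic to the whole
# internet. Input is the dict shape boto3 describe_security_groups() returns
# (assumption: pass response["SecurityGroups"]); the sample below is constructed.
MONITORING_PORTS = {9090: "prometheus", 9100: "node_exporter"}
ANY_CIDRS = {"0.0.0.0/0", "::/0"}

def _open_to_world(perm):
    """True if the rule lists an IPv4 or IPv6 'anywhere' source."""
    v4 = {r["CidrIp"] for r in perm.get("IpRanges", [])}
    v6 = {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
    return bool((v4 | v6) & ANY_CIDRS)

def _covers(perm, port):
    """True if the rule's protocol and port range include the given TCP port."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "All traffic" in the console
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def find_lab_config(security_groups):
    """Return (group_id, finding) pairs for every world-open monitoring exposure."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            if not _open_to_world(perm):
                continue
            if perm.get("IpProtocol") == "-1":
                findings.append((sg["GroupId"], "all traffic open to the world"))
                continue
            for port, name in MONITORING_PORTS.items():
                if _covers(perm, port):
                    findings.append((sg["GroupId"], f"{name} {port}/tcp open to the world"))
    return findings

# Constructed sample: the tutorial's group (all traffic from anywhere), a group
# whose wide TCP range reaches 9090 over IPv6, and a production-style group that
# only admits Prometheus's scrapes from the VPC's own CIDR.
SAMPLE_GROUPS = [
    {"GroupId": "sg-lab", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-range", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 9000, "ToPort": 9200,
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-prod", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 9100, "ToPort": 9100,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
]
```

Running `find_lab_config(SAMPLE_GROUPS)` flags sg-lab and sg-range and stays silent on sg-prod, which is the shape a hardened group should take: one port, one protocol, one internal source CIDR.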