I suddenly inherited Mac OS X MiniServer with AMPPS on it. It used to be a development server, switched to a production role. So I created MySQL users for each site with this site's DB access only, specified PHP-directive "open_basedir" for each site and composed .htaccess to the best of my knowledge (which is poor).
But I'm still uncertain about security.
I have an EC2 instance that is running Apache and my website (php files) is also on that EC2 instance. Website users will be able to upload and download files and I would like to store (user uploaded) files on a separate EBS volume. Do I need to give Apache special permissions to write to a separate EBS volume?