@jayzalowitz
Last active April 5, 2021 06:53
Full service boot attempt
AWSTemplateFormatVersion: '2010-09-09'
Metadata:
  License: Apache-2.0
Description: 'AWS CloudFormation template for the creation and storing of a mobilecoin wallet.'
Parameters:
  InstanceType:
    Description: EC2 instance type
    Type: String
    Default: m5a.xlarge
    AllowedValues: [t2.nano, t2.small, t3.nano, t3a.nano, m5a.xlarge, m5a.large]
    ConstraintDescription: must be a valid EC2 instance type.
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instances
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: must be the name of an existing EC2 KeyPair.
  VPCId:
    Description: VPC id for the server to launch within
    Type: AWS::EC2::VPC::Id
    ConstraintDescription: must be the id of an existing VPC
  SSHLocation:
    Description: The IP address range that can be used to SSH to the EC2 instances, if you want to lock down your server you will want to set this
    Type: String
    MinLength: '9'
    MaxLength: '18'
    # The default leaves port 22 reachable from any address; pass your own CIDR to restrict SSH.
    Default: 0.0.0.0/0
    AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
Resources:
  ServerGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      AvailabilityZones: !GetAZs ''
      LaunchTemplate:
        LaunchTemplateId: !Ref 'LaunchTemplate'
        #"LaunchTemplateName" : String,
        # Follow the newest template version so the group launches from the
        # current template after a stack update (a hard-coded 1 would not).
        Version: !GetAtt LaunchTemplate.LatestVersionNumber
      MinSize: '1'
      MaxSize: '1'
  LaunchTemplate:
    Type: AWS::EC2::LaunchTemplate
    Metadata:
      Comment: Install a simple application
    Properties:
      LaunchTemplateName: mobilecoin
      LaunchTemplateData:
        ImageId: ami-08bac620dc84221eb
        SecurityGroupIds: [!Ref 'InstanceSecurityGroup']
        InstanceType: !Ref 'InstanceType'
        KeyName: !Ref 'KeyName'
        EnclaveOptions:
          Enabled: true
        # Boot script as one literal block. ${AWS::...} is substituted by
        # CloudFormation; ${!VAR} is passed through to the shell as ${VAR}.
        UserData:
          Fn::Base64: !Sub |
            #!/bin/bash -xe
            sudo apt update -y
            sudo apt install git build-essential cmake protobuf-compiler llvm libclang-dev libsqlite3-dev libssl1.1 cargo -y
            git clone https://github.com/mobilecoinofficial/full-service.git
            cd full-service
            git submodule init
            git submodule update
            NAMESPACE=test
            SIGNED_ENCLAVE_URI=$(curl -s https://enclave-distribution.${!NAMESPACE}.mobilecoin.com/production.json | grep consensus-enclave.css | awk '{print $2}' | tr -d \" | tr -d ,);
            curl -O https://enclave-distribution.${!NAMESPACE}.mobilecoin.com/${!SIGNED_ENCLAVE_URI}
            wget https://download.01.org/intel-sgx/sgx-linux/2.9.1/distro/ubuntu18.04-server/sgx_linux_x64_sdk_2.9.101.2.bin;
            chmod +x sgx_linux_x64_sdk_2.9.101.2.bin;
            sudo ./sgx_linux_x64_sdk_2.9.101.2.bin --prefix=/opt/intel
            source /opt/intel/sgxsdk/environment
            export SGX_MODE=HW IAS_MODE=PROD CONSENSUS_ENCLAVE_CSS=$(pwd)/consensus-enclave.css
            cargo build --release -p mc-full-service
            mkdir -p /tmp/wallet-db/
            ./target/release/full-service \
              --wallet-db /tmp/wallet-db/wallet.db \
              --ledger-db /tmp/ledger-db/ \
              --peer mc://node1.test.mobilecoin.com/ \
              --peer mc://node2.test.mobilecoin.com/ \
              --tx-source-url https://s3-us-west-1.amazonaws.com/mobilecoin.chain/node1.test.mobilecoin.com/ \
              --tx-source-url https://s3-us-west-1.amazonaws.com/mobilecoin.chain/node2.test.mobilecoin.com/
            /opt/aws/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource ServerGroup --region ${AWS::Region}
  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable SSH access and HTTP access on the inbound port
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp: !Ref 'SSHLocation'
      SecurityGroupEgress:
        - IpProtocol: tcp
          FromPort: '443'
          ToPort: '443'
          CidrIp: '0.0.0.0/0'
        - IpProtocol: tcp
          FromPort: '80'
          ToPort: '80'
          CidrIp: '0.0.0.0/0'
      VpcId: !Ref 'VPCId'