jayzalowitz/fs-mob.cft.yml

## fs-mob.cft.yml
AWSTemplateFormatVersion: '2010-09-09'
Metadata:
  License: Apache-2.0
Description: 'AWS CloudFormation template for the creation and storing of a mobilecoin wallet.'
Parameters:
  InstanceType:
    Description: EC2 instance type
    Type: String
    Default: m5a.xlarge
    AllowedValues: [t2.nano,t2.small,t3.nano,t3a.nano,m5a.xlarge,m5a.large]
    ConstraintDescription: must be a valid EC2 instance type.
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instances
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: must be the name of an existing EC2 KeyPair.
  VPCId:
    Description: VPC id for the server to launch within
    Type: AWS::EC2::VPC::Id
    ConstraintDescription: must be the id of an existing VPC
  SSHLocation:
    Description: The IP address range that can be used to SSH to the EC2 instances, if you want to lock down your server you will want to set this
    Type: String
    MinLength: '9'
    MaxLength: '18'
    Default: 0.0.0.0/0
    AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
Resources:
  ServerGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      AvailabilityZones: !GetAZs ''
      LaunchTemplate:
        LaunchTemplateId: !Ref 'LaunchTemplate'
        #"LaunchTemplateName" : String,
        Version: 1
      MinSize: '1'
      MaxSize: '1'
  LaunchTemplate:
    Type: AWS::EC2::LaunchTemplate
    Metadata:
      Comment: Install a simple application
    Properties:
      LaunchTemplateName: mobilecoin
      LaunchTemplateData:
        ImageId: ami-08bac620dc84221eb
        SecurityGroupIds: [!Ref 'InstanceSecurityGroup']
        InstanceType: !Ref 'InstanceType'
        KeyName: !Ref 'KeyName'
        EnclaveOptions:
          Enabled: true
        UserData: !Base64
          Fn::Join:
          - ''
          - ['#!/bin/bash -xe

              ', 'sudo apt update -y
              ', "\n", 'sudo apt install git build-essential cmake protobuf-compiler llvm libclang-dev libsqlite3-dev libssl1.1 cargo -y
              ', "\n", 'git clone https://github.com/mobilecoinofficial/full-service.git
              ', "\n", 'cd full-service
              ', "\n", 'git submodule init
              ', "\n", 'git submodule update
              ', "\n", 'NAMESPACE=test
              ', "\n", 'SIGNED_ENCLAVE_URI=$(curl -s https://enclave-distribution.${NAMESPACE}.mobilecoin.com/production.json | grep consensus-enclave.css | awk ',"'","{print $2}","'",' | tr -d \" | tr -d ,);
                  curl -O https://enclave-distribution.${NAMESPACE}.mobilecoin.com/${SIGNED_ENCLAVE_URI}
              ', "\n", 'wget https://download.01.org/intel-sgx/sgx-linux/2.9.1/distro/ubuntu18.04-server/sgx_linux_x64_sdk_2.9.101.2.bin;
                  chmod +x sgx_linux_x64_sdk_2.9.101.2.bin;
                  sudo ./sgx_linux_x64_sdk_2.9.101.2.bin --prefix=/opt/intel
                  ', "\n", "source /opt/intel/sgxsdk/environment", "\n",
                  "export SGX_MODE=HW IAS_MODE=PROD CONSENSUS_ENCLAVE_CSS=$(pwd)/consensus-enclave.css", "\n",
                  "cargo build --release -p mc-full-service", "\n",
                  "mkdir -p /tmp/wallet-db/" , "\n",
                  "./target/release/full-service \
                  --wallet-db /tmp/wallet-db/wallet.db \
                  --ledger-db /tmp/ledger-db/ \
                  --peer mc://node1.test.mobilecoin.com/ \
                  --peer mc://node2.test.mobilecoin.com/ \
                  --tx-source-url https://s3-us-west-1.amazonaws.com/mobilecoin.chain/node1.test.mobilecoin.com/ \
                  --tx-source-url https://s3-us-west-1.amazonaws.com/mobilecoin.chain/node2.test.mobilecoin.com/", "\n",

              "/opt/aws/bin/cfn-signal -e $? ",
                         "         --stack ", { "Ref" : "AWS::StackName" },
                         "         --resource ServerGroup ",
                         "         --region ", { "Ref" : "AWS::Region" }, "\n"
            ]
  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable SSH access and HTTP access on the inbound port
      SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: '22'
        ToPort: '22'
        CidrIp: !Ref 'SSHLocation'
      SecurityGroupEgress:
      - IpProtocol: tcp
        FromPort: '443'
        ToPort: '443'
        CidrIp: '0.0.0.0/0'
      - IpProtocol: tcp
        FromPort: '80'
        ToPort: '80'
        CidrIp: '0.0.0.0/0'
      VpcId: !Ref 'VPCId'
	AWSTemplateFormatVersion: '2010-09-09'
	Metadata:
	License: Apache-2.0
	Description: 'AWS CloudFormation template for the creation and storing of a mobilecoin wallet.'
	Parameters:
	InstanceType:
	Description: EC2 instance type
	Type: String
	Default: m5a.xlarge
	AllowedValues: [t2.nano,t2.small,t3.nano,t3a.nano,m5a.xlarge,m5a.large]
	ConstraintDescription: must be a valid EC2 instance type.
	KeyName:
	Description: Name of an existing EC2 KeyPair to enable SSH access to the instances
	Type: AWS::EC2::KeyPair::KeyName
	ConstraintDescription: must be the name of an existing EC2 KeyPair.
	VPCId:
	Description: VPC id for the server to launch within
	Type: AWS::EC2::VPC::Id
	ConstraintDescription: must be the id of an existing VPC
	SSHLocation:
	Description: The IP address range that can be used to SSH to the EC2 instances, if you want to lock down your server you will want to set this
	Type: String
	MinLength: '9'
	MaxLength: '18'
	Default: 0.0.0.0/0
	AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
	ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
	Resources:
	ServerGroup:
	Type: AWS::AutoScaling::AutoScalingGroup
	Properties:
	AvailabilityZones: !GetAZs ''
	LaunchTemplate:
	LaunchTemplateId: !Ref 'LaunchTemplate'
	#"LaunchTemplateName" : String,
	Version: 1
	MinSize: '1'
	MaxSize: '1'
	LaunchTemplate:
	Type: AWS::EC2::LaunchTemplate
	Metadata:
	Comment: Install a simple application
	Properties:
	LaunchTemplateName: mobilecoin
	LaunchTemplateData:
	ImageId: ami-08bac620dc84221eb
	SecurityGroupIds: [!Ref 'InstanceSecurityGroup']
	InstanceType: !Ref 'InstanceType'
	KeyName: !Ref 'KeyName'
	EnclaveOptions:
	Enabled: true
	UserData: !Base64
	Fn::Join:
	- ''
	- ['#!/bin/bash -xe

	', 'sudo apt update -y
	', "\n", 'sudo apt install git build-essential cmake protobuf-compiler llvm libclang-dev libsqlite3-dev libssl1.1 cargo -y
	', "\n", 'git clone https://github.com/mobilecoinofficial/full-service.git
	', "\n", 'cd full-service
	', "\n", 'git submodule init
	', "\n", 'git submodule update
	', "\n", 'NAMESPACE=test
	', "\n", 'SIGNED_ENCLAVE_URI=$(curl -s https://enclave-distribution.${NAMESPACE}.mobilecoin.com/production.json \| grep consensus-enclave.css \| awk ',"'","{print $2}","'",' \| tr -d \" \| tr -d ,);
	curl -O https://enclave-distribution.${NAMESPACE}.mobilecoin.com/${SIGNED_ENCLAVE_URI}
	', "\n", 'wget https://download.01.org/intel-sgx/sgx-linux/2.9.1/distro/ubuntu18.04-server/sgx_linux_x64_sdk_2.9.101.2.bin;
	chmod +x sgx_linux_x64_sdk_2.9.101.2.bin;
	sudo ./sgx_linux_x64_sdk_2.9.101.2.bin --prefix=/opt/intel
	', "\n", "source /opt/intel/sgxsdk/environment", "\n",
	"export SGX_MODE=HW IAS_MODE=PROD CONSENSUS_ENCLAVE_CSS=$(pwd)/consensus-enclave.css", "\n",
	"cargo build --release -p mc-full-service", "\n",
	"mkdir -p /tmp/wallet-db/" , "\n",
	"./target/release/full-service \
	--wallet-db /tmp/wallet-db/wallet.db \
	--ledger-db /tmp/ledger-db/ \
	--peer mc://node1.test.mobilecoin.com/ \
	--peer mc://node2.test.mobilecoin.com/ \
	--tx-source-url https://s3-us-west-1.amazonaws.com/mobilecoin.chain/node1.test.mobilecoin.com/ \
	--tx-source-url https://s3-us-west-1.amazonaws.com/mobilecoin.chain/node2.test.mobilecoin.com/", "\n",

	"/opt/aws/bin/cfn-signal -e $? ",
	" --stack ", { "Ref" : "AWS::StackName" },
	" --resource ServerGroup ",
	" --region ", { "Ref" : "AWS::Region" }, "\n"
	]
	InstanceSecurityGroup:
	Type: AWS::EC2::SecurityGroup
	Properties:
	GroupDescription: Enable SSH access and HTTP access on the inbound port
	SecurityGroupIngress:
	- IpProtocol: tcp
	FromPort: '22'
	ToPort: '22'
	CidrIp: !Ref 'SSHLocation'
	SecurityGroupEgress:
	- IpProtocol: tcp
	FromPort: '443'
	ToPort: '443'
	CidrIp: '0.0.0.0/0'
	- IpProtocol: tcp
	FromPort: '80'
	ToPort: '80'
	CidrIp: '0.0.0.0/0'
	VpcId: !Ref 'VPCId'