Last active
April 5, 2021 06:53
-
-
Save jayzalowitz/fd7c8b76c3dce401f33a7fb2527b118b to your computer and use it in GitHub Desktop.
Full service boot attempt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
AWSTemplateFormatVersion: '2010-09-09' | |
Metadata: | |
License: Apache-2.0 | |
Description: 'AWS CloudFormation template for the creation and storing of a mobilecoin wallet.' | |
Parameters: | |
InstanceType: | |
Description: EC2 instance type | |
Type: String | |
Default: m5a.xlarge | |
AllowedValues: [t2.nano,t2.small,t3.nano,t3a.nano,m5a.xlarge,m5a.large] | |
ConstraintDescription: must be a valid EC2 instance type. | |
KeyName: | |
Description: Name of an existing EC2 KeyPair to enable SSH access to the instances | |
Type: AWS::EC2::KeyPair::KeyName | |
ConstraintDescription: must be the name of an existing EC2 KeyPair. | |
VPCId: | |
Description: VPC id for the server to launch within | |
Type: AWS::EC2::VPC::Id | |
ConstraintDescription: must be the id of an existing VPC | |
SSHLocation: | |
Description: The IP address range that can be used to SSH to the EC2 instances, if you want to lock down your server you will want to set this | |
Type: String | |
MinLength: '9' | |
MaxLength: '18' | |
Default: 0.0.0.0/0 | |
AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2}) | |
ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x. | |
Resources: | |
ServerGroup: | |
Type: AWS::AutoScaling::AutoScalingGroup | |
Properties: | |
AvailabilityZones: !GetAZs '' | |
LaunchTemplate: | |
LaunchTemplateId: !Ref 'LaunchTemplate' | |
#"LaunchTemplateName" : String, | |
Version: 1 | |
MinSize: '1' | |
MaxSize: '1' | |
LaunchTemplate: | |
Type: AWS::EC2::LaunchTemplate | |
Metadata: | |
Comment: Install a simple application | |
Properties: | |
LaunchTemplateName: mobilecoin | |
LaunchTemplateData: | |
ImageId: ami-08bac620dc84221eb | |
SecurityGroupIds: [!Ref 'InstanceSecurityGroup'] | |
InstanceType: !Ref 'InstanceType' | |
KeyName: !Ref 'KeyName' | |
EnclaveOptions: | |
Enabled: true | |
UserData: !Base64 | |
Fn::Join: | |
- '' | |
- ['#!/bin/bash -xe | |
', 'sudo apt update -y | |
', "\n", 'sudo apt install git build-essential cmake protobuf-compiler llvm libclang-dev libsqlite3-dev libssl1.1 cargo -y | |
', "\n", 'git clone https://github.com/mobilecoinofficial/full-service.git | |
', "\n", 'cd full-service | |
', "\n", 'git submodule init | |
', "\n", 'git submodule update | |
', "\n", 'NAMESPACE=test | |
', "\n", 'SIGNED_ENCLAVE_URI=$(curl -s https://enclave-distribution.${NAMESPACE}.mobilecoin.com/production.json | grep consensus-enclave.css | awk ',"'","{print $2}","'",' | tr -d \" | tr -d ,); | |
curl -O https://enclave-distribution.${NAMESPACE}.mobilecoin.com/${SIGNED_ENCLAVE_URI} | |
', "\n", 'wget https://download.01.org/intel-sgx/sgx-linux/2.9.1/distro/ubuntu18.04-server/sgx_linux_x64_sdk_2.9.101.2.bin; | |
chmod +x sgx_linux_x64_sdk_2.9.101.2.bin; | |
sudo ./sgx_linux_x64_sdk_2.9.101.2.bin --prefix=/opt/intel | |
', "\n", "source /opt/intel/sgxsdk/environment", "\n", | |
"export SGX_MODE=HW IAS_MODE=PROD CONSENSUS_ENCLAVE_CSS=$(pwd)/consensus-enclave.css", "\n", | |
"cargo build --release -p mc-full-service", "\n", | |
"mkdir -p /tmp/wallet-db/" , "\n", | |
"./target/release/full-service \ | |
--wallet-db /tmp/wallet-db/wallet.db \ | |
--ledger-db /tmp/ledger-db/ \ | |
--peer mc://node1.test.mobilecoin.com/ \ | |
--peer mc://node2.test.mobilecoin.com/ \ | |
--tx-source-url https://s3-us-west-1.amazonaws.com/mobilecoin.chain/node1.test.mobilecoin.com/ \ | |
--tx-source-url https://s3-us-west-1.amazonaws.com/mobilecoin.chain/node2.test.mobilecoin.com/", "\n", | |
"/opt/aws/bin/cfn-signal -e $? ", | |
" --stack ", { "Ref" : "AWS::StackName" }, | |
" --resource ServerGroup ", | |
" --region ", { "Ref" : "AWS::Region" }, "\n" | |
] | |
InstanceSecurityGroup: | |
Type: AWS::EC2::SecurityGroup | |
Properties: | |
GroupDescription: Enable SSH access and HTTP access on the inbound port | |
SecurityGroupIngress: | |
- IpProtocol: tcp | |
FromPort: '22' | |
ToPort: '22' | |
CidrIp: !Ref 'SSHLocation' | |
SecurityGroupEgress: | |
- IpProtocol: tcp | |
FromPort: '443' | |
ToPort: '443' | |
CidrIp: '0.0.0.0/0' | |
- IpProtocol: tcp | |
FromPort: '80' | |
ToPort: '80' | |
CidrIp: '0.0.0.0/0' | |
VpcId: !Ref 'VPCId' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment