This repository contains CloudFormation templates to deploy and bootstrap a Casper node on AWS.
An AWS IAM user with appropriate resource creation permissions should be used when running the Quickstart. Use of the AWS account's root user is discouraged.
Refer to the AWS documentation on Security best practices in IAM.
Minimum Requirements:
- CPU: 4 vCPU
- Memory: 32GB
- Disk: 2TB
You can deploy the infrastructure by selecting one of the regions below, and clicking on the launch stack button. Follow the instructions on the AWS console and fill the required parameters to deploy the CloudFormation stack.
Region | |
---|---|
us-east-1 |
You can also download the CloudFormation templates and deploy the infrastructure manually using the aws-cli:
Note: You should have already installed and configured the aws cli in order to follow these steps.

- Create an S3 Bucket to store the CloudFormation templates.

- Package and upload the templates to S3:

  ```
  $ aws cloudformation package \
      --template-file master.yml \
      --output-template-file master.packaged.yml \
      --s3-bucket <YOUR_S3_BUCKET>
  $ aws s3 cp master.packaged.yml s3://<YOUR_S3_BUCKET>/
  ```

- Create the CloudFormation stack:

  ```
  $ aws cloudformation deploy \
      --template-file master.packaged.yml \
      --capabilities CAPABILITY_NAMED_IAM \
      --parameter-overrides TrustedHash=<TRUSTED_HASH> OwnerName=<OWNER_NAME> ProjectName=<PROJECT_NAME> \
      --stack-name <STACK_NAME>
  ```

  Choose a meaningful name for your CloudFormation stack and deploy the infrastructure. (Note: With the `--parameter-overrides` flag you can specify any of the supported parameters in the template.)
An AWS CloudWatch dashboard is created as part of the infrastructure with some metrics about the node. You can access the dashboard using the CloudWatch console or by opening the URL of the dashboard in the CloudFormation stack outputs.
You can securely access the node in two ways:
- Using AWS Session Manager: open the console and click on Start Session, then select your instance to get access to the node through a terminal embedded in the browser. (Note: You can also access the node from your own terminal by using the aws cli and the Session Manager plugin.)

- Using SSH: To enable SSH access to your node you have to provide the KeyName and IpWhiteList parameters when you create the stack. To access the node, go to the EC2 Console, select the node and click on the Connect button; the SSH tab there has sample commands to connect to the instance.

For more information on how to create an AWS KeyPair, check the AWS docs. It's important that you store the SSH key in a secure place since it provides access to your node.
To completely delete all the resources created by the templates go to the CloudFormation Console, select your stack and delete it.
The CloudFormation templates create the following components as part of the infrastructure:
- A VPC with public and private subnets, and all the routing configuration.
- A single EC2 Instance that bootstraps a Casper node.
- An Instance Role to provide the EC2 Instance with access to Systems Manager & CloudWatch
- A CloudWatch dashboard with metrics to monitor the node.
- Configuration to access the node through Session Manager.
During node bootstrap, validator keys are created in `/etc/casper/validator_keys`.
These keys should be backed up by the node operator and stored in a secure location.
AWS Data Lifecycle Manager can optionally be set up by the node operator to schedule periodic backups of the Casper node EBS disk. As the snapshots will contain sensitive information (validator keys), appropriate IAM access controls should be applied.
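
One way to apply such IAM controls to the snapshots, as an added example that is not part of this repository's templates: a standalone CloudFormation template that attaches an explicit deny to an IAM group, so its members cannot share, restore or directly read snapshots carrying a backup tag. The tag `CasperNodeBackup=true` (assumed to be added to snapshots by your Data Lifecycle Manager policy) and the `RestrictedGroupName` parameter are assumptions.

```yaml
# Added example: not one of the templates shipped in this repository.
AWSTemplateFormatVersion: "2010-09-09"
Description: Deny use of tagged Casper node EBS snapshots for one IAM group.

Parameters:
  RestrictedGroupName:
    Type: String
    Description: >-
      Hypothetical parameter: name of an existing IAM group whose members
      must not be able to share, restore or read the node snapshots.

Resources:
  DenyNodeSnapshotUse:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      Description: Explicit deny on snapshots tagged as Casper node backups
      Groups:
        - !Ref RestrictedGroupName
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Sid: DenyTaggedSnapshotUse
            Effect: Deny
            Action:
              # Changing createVolumePermission shares the snapshot with
              # other accounts or makes it public.
              - ec2:ModifySnapshotAttribute
              # Restoring the snapshot to a volume exposes
              # /etc/casper/validator_keys to whoever mounts it.
              - ec2:CreateVolume
              # EBS direct APIs read snapshot blocks without a volume.
              - ebs:ListSnapshotBlocks
              - ebs:GetSnapshotBlock
            Resource: !Sub arn:${AWS::Partition}:ec2:*::snapshot/*
            Condition:
              StringEquals:
                # Assumed tag: configure your Data Lifecycle Manager policy
                # to add it to every snapshot it creates.
                aws:ResourceTag/CasperNodeBackup: "true"

Outputs:
  PolicyArn:
    Description: ARN of the deny policy, for attaching to further principals
    Value: !Ref DenyNodeSnapshotUse
```

Deploy it with `aws cloudformation deploy` and `--capabilities CAPABILITY_IAM`. Because an explicit deny overrides any allow, principals that perform restores must stay outside the restricted group.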