AWS Solana Validator

Terraform module to create an AWS EC2 instance running a full Solana validator node with RPC.

Assumptions

  • You want to run a Solana Validator in the AWS public cloud
  • You've created an AWS Virtual Private Cloud (VPC) and public subnets where you intend to put the Solana validator resources.

Node management

For security reasons, port 22 is not open for SSH in the firewall. Instead, the module leverages AWS SSM. Use Session Manager to access the instance, with your AWS user or an assumed role that has sufficient permissions. Find the INSTANCE_ID in the AWS console or via the CLI.

aws ssm start-session --target ${INSTANCE_ID}

# switch to the sol user with a login shell
sudo su - sol

To open port 22, set var.enable_ssh to true.

Usage example

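# The generated private key is stored unencrypted in the Terraform state,
# so protect the state backend accordingly.
resource "tls_private_key" "this" {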
  algorithm = "RSA"
  rsa_bits  = 4096
}

resource "aws_key_pair" "this" {
  key_name   = format("%s-key", var.name)
  public_key = tls_private_key.this.public_key_openssh
}

module "validator_node" {
  source = "github.com/solanium-io/aws-solana-validator?ref=v1.0.0"

  # meta
  environment = "dev"
  tags        = merge(local.tags, { Name = "SolanaValidatorNode" })

  # network
  vpc_id    = module.vpc.vpc_id
  subnet_id = module.vpc.public_subnets[1]

  # security
  whitelist_ips = var.whitelist_ips
  enable_ssh    = false
  
  # machine
  ami           = "ami-0a8e758f5e873d1c1" # ubuntu 20.04
  instance_type = "m5ad.8xlarge"
  key_name      = aws_key_pair.this.key_name
}
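
One way to define the `var.whitelist_ips` passed in the usage example so that a malformed entry or a wide-open range fails at plan time. This is an added example, not part of the module's own code; it assumes each entry is a CIDR block such as 203.0.113.10/32, which the page does not state.

```hcl
# Added example: root-module variable feeding whitelist_ips in the module call.
# Assumption: entries are CIDR blocks (the README only says "List of IPs").
variable "whitelist_ips" {
  description = "CIDR blocks allowed through the validator security group"
  type        = list(string)

  validation {
    # An empty list is almost certainly a mistake for a node that serves RPC.
    condition     = length(var.whitelist_ips) > 0
    error_message = "Provide at least one CIDR block."
  }

  validation {
    # cidrhost() errors on anything that is not a valid IPv4 or IPv6 CIDR,
    # and can() turns that error into false.
    condition     = alltrue([for ip in var.whitelist_ips : can(cidrhost(ip, 0))])
    error_message = "Every entry must be a valid CIDR block, for example 203.0.113.10/32."
  }

  validation {
    # Reject 0.0.0.0/0, ::/0 and any other /0 prefix, which would expose the
    # whitelisted ports to the whole address space.
    condition = alltrue([
      for ip in var.whitelist_ips : try(tonumber(split("/", ip)[1]) > 0, false)
    ])
    error_message = "A /0 prefix opens the node to the whole internet; use narrower ranges."
  }
}
```

With this in place, `terraform plan` stops with the matching error message before any security group rule is created.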

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.15 |
| aws | 3.38.0 |

Providers

| Name | Version |
|------|---------|
| aws | 3.38.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_iam_instance_profile.this | resource |
| aws_iam_policy_attachment.this | resource |
| aws_iam_role.this | resource |
| aws_instance.this | resource |
| aws_kms_alias.this | resource |
| aws_kms_key.this | resource |
| aws_security_group.this | resource |
| aws_ami.this | data source |
| aws_caller_identity.this | data source |
| aws_iam_policy_document.assume_role | data source |
| aws_iam_policy_document.kms | data source |
| aws_region.this | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| ami | AMI to be used in EC2, leave empty to use the newest | string | "" | no |
| enable_ssh | Open port 22 in the security group | bool | false | no |
| environment | Environment for the deployment | string | n/a | yes |
| instance_type | Instance type to be used in EC2 | string | "m5ad.8xlarge" | no |
| key_name | SSH key name | string | null | no |
| name | Name (prefix) to assign to the stack | string | "validator-node" | no |
| subnet_id | Subnet to deploy the EC2 | string | n/a | yes |
| tags | Tags to attach to resources | map(string) | {} | no |
| volume_size_gb | Size of block device in GB | number | 2048 | no |
| vpc_id | ID of VPC to deploy resources in | string | n/a | yes |
| whitelist_ips | List of IPs that are whitelisted to the security group | list(string) | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| instance_id | Instance ID of the created EC2 |
| public_ip | Public IP of the created EC2 |