Terraform module that provisions infrastructure on AWS to run cardano-node. The examples give a good idea of how to best use this project in your own.
This project has not been audited for security by a third party. Use at your own discretion. However, periodic scans are performed by checkov; the results can be found in the workflow results.
This module is set up to be flexible. It can be used in whole, or you can opt to use the individual modules found separately in the modules/ directory.
The basic example merely provisions an EC2 instance with a cardano-node container. Some other things to note are:
- targets the default VPC
- the user-data script installs docker and docker-compose, which is used to orchestrate cardano-node
- the user-data script attempts to attach an EBS volume for ledger storage, which is part of an AWS Backup plan
- configuration (docker-compose.yml, topology.json, etc.) is synced from an S3 bucket
- KMS encryption is used where possible
- container logs are shipped to CloudWatch
This is a very basic architecture, but it demonstrates the technology.
This example may be using a version that is out of date; check the registry page for the most recent usage.
```hcl
module "cardano-node" {
  source  = "leb4r/cardano-node/aws"
  version = "2.0.0"
  # insert the required variables here
}
```
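A fuller invocation, added here as an example and not taken from the module's README or repository: it supplies the two required inputs (vpc_id, subnet_id) and overrides the defaults a reviewer would look at first, in particular prometheus_ingress_cidrs, which defaults to 0.0.0.0/0 and so admits Prometheus scrapes from any source address. Every ID, ARN, zone ID, CIDR and hostname below is a placeholder, and the Producers layout of the topology JSON is assumed to be what cardano-node 1.30.x reads.

```hcl
# Added example, not the module's own README code. IDs, the ARN, the
# zone ID, CIDRs and hostnames are placeholders to replace with your own.
module "cardano-node" {
  source  = "leb4r/cardano-node/aws"
  version = "2.0.0"

  # The two required inputs
  vpc_id    = "vpc-0123456789abcdef0"    # placeholder
  subnet_id = "subnet-0123456789abcdef0" # placeholder

  # Node settings
  cardano_node_network = "mainnet"
  cardano_node_version = "1.30.1"
  cardano_node_port    = 3001
  instance_type        = "t3.large"
  data_volume_size     = 100

  # The default "0.0.0.0/0" admits Prometheus scrapes from any address;
  # restrict ingress to the monitoring network (placeholder CIDRs).
  prometheus_ingress_cidrs = "10.20.0.0/16,10.30.5.0/24"

  # Reuse an existing customer-managed KMS key instead of creating one
  create_kms_key = false
  kms_key_arn    = "arn:aws:kms:us-east-1:111122223333:key/PLACEHOLDER"

  # AWS Backup: cold storage after 30 days, delete after 180 days
  # (backup_delete_after must be 90 days greater than cold storage)
  backup_schedule           = "cron(0 12 * * ? *)"
  backup_cold_storage_after = 30
  backup_delete_after       = 180

  # Publish a DNS A record for the instance (placeholder zone ID)
  create_route53_record = true
  route53_zone_id       = "Z0123456789PLACEHOLDER"
  route53_record_name   = "relay.example.com"

  # Topology handed to the module as a JSON string; the Producers
  # layout is the one cardano-node 1.30.x reads (assumed here).
  cardano_node_topology_json = jsonencode({
    Producers = [
      { addr = "upstream-relay.example.com", port = 3001, valency = 1 }
    ]
  })

  tags = { Environment = "prod", Service = "cardano-node" }
}

# Surface a module output so it can be checked after apply
output "cardano_node_instance_id" { value = module.cardano-node.instance_id }
```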
The automation module provides SSM documents that can be used to perform operational tasks on the services.
| Name | Version |
|---|---|
| terraform | >= 0.13.0 |
| aws | ~> 3.0 |
No providers.
| Name | Source | Version |
|---|---|---|
| automation | ./modules/automation | n/a |
| backups | ./modules/backup | n/a |
| config | ./modules/config | n/a |
| dns | ./modules/dns | n/a |
| iam | ./modules/iam | n/a |
| kms | ./modules/kms | n/a |
| logs | ./modules/logs | n/a |
| node | ./modules/node | n/a |
No resources.
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| associate_public_ip_address | Set to false to allocate only a private IP address for the node | `bool` | `true` | no |
| backup_cold_storage_after | Specifies the number of days after creation that a recovery point is moved to cold storage | `number` | `30` | no |
| backup_delete_after | Specifies the number of days after creation that a recovery point is deleted. Must be 90 days greater than cold_storage_after | `number` | `180` | no |
| backup_schedule | A CRON expression specifying when AWS Backup initiates a backup job | `string` | `"cron(0 12 * * ? *)"` | no |
| cardano_node_image | Container image to use for the node | `string` | `"docker.io/inputoutput/cardano-node"` | no |
| cardano_node_network | The Cardano network to connect to (e.g. mainnet or testnet) | `string` | `"mainnet"` | no |
| cardano_node_port | The port to listen on for communication | `number` | `3001` | no |
| cardano_node_topology_json | JSON string to be used as the topology config | `string` | `""` | no |
| cardano_node_version | Version of cardano-node to run | `string` | `"1.30.1"` | no |
| create_kms_key | Set to false to use a separate KMS key | `bool` | `true` | no |
| create_route53_record | Set to true to create an A record in Route 53 for the EC2 instance | `bool` | `false` | no |
| data_volume_size | Size of the node's data volume | `number` | `30` | no |
| ebs_optimized | Set to false to disable the EBS optimized feature | `bool` | `true` | no |
| enable_monitoring | Set to false to disable enhanced monitoring for the node | `bool` | `true` | no |
| instance_type | The type of instance to use for the node | `string` | `"t3.large"` | no |
| kms_key_arn | The ARN of the KMS CMK to use for encryption | `string` | `""` | no |
| log_retention_in_days | The number of days to keep logs in the Log Group | `number` | `30` | no |
| name | Canonical name to give to resources | `string` | `"cardano-node"` | no |
| prometheus_ingress_cidrs | Comma-delimited list of CIDR blocks from which to allow Prometheus traffic | `string` | `"0.0.0.0/0"` | no |
| root_volume_size | Size of the node's root volume | `number` | `8` | no |
| route53_record_name | Name of the record to create | `string` | `""` | no |
| route53_zone_id | ID of the Route 53 zone to create the record in | `string` | `""` | no |
| subnet_id | ID of the subnet to deploy the node in | `string` | n/a | yes |
| tags | Map of tags to apply to resources | `map(string)` | `{}` | no |
| vpc_id | ID of the VPC to deploy the node in | `string` | n/a | yes |
| Name | Description |
|---|---|
| config_bucket_name | Name of the S3 bucket used to store config |
| data_volume_id | ID of the EBS volume used for data storage |
| dns_fqdn | FQDN of the node |
| iam_role_name | Name of the IAM role used by the EC2 instance |
| instance_id | ID of the EC2 instance where cardano-node is running |
| security_group_id | ID of the security group used by the EC2 instance |