Mirroristas/bigchaindb
2
0
Fork 0
mirror of https://github.com/bigchaindb/bigchaindb.git synced 2024-10-13 13:34:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
bigchaindb/docs/source/appendices/aws-setup.md
troymc fbc32aa3fd Docs: Moved AWS Setup to appendices
2016-07-08 10:53:12 +02:00

3.8 KiB
Raw Blame History

AWS Setup

Before you can deploy a BigchainDB node or cluster on AWS, you must do a few things.

Get an AWS Account

If you don't already have an AWS account, you can sign up for one for free at aws.amazon.com.

Install the AWS Command-Line Interface

To install the AWS Command-Line Interface (CLI), just do:

pip install awscli

Create an AWS Access Key

The next thing you'll need is an AWS access key. If you don't have one, you can create one using the instructions in the AWS documentation. You should get an access key ID (e.g. AKIAIOSFODNN7EXAMPLE) and a secret access key (e.g. wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY).

You should also pick a default AWS region name (e.g. eu-central-1). That's where your cluster will run. The AWS documentation has a list of them.

Once you've got your AWS access key, and you've picked a default AWS region name, go to a terminal session and enter:

aws configure

and answer the four questions. For example:

AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default region name [None]: eu-central-1
Default output format [None]: [Press Enter]

This writes two files: ~/.aws/credentials and ~/.aws/config. AWS tools and packages look for those files.

Get Enough Amazon Elastic IP Addresses

You can skip this if you're deploying a single node.

Our AWS cluster deployment scripts use elastic IP addresses (although that may change in the future). By default, AWS accounts get five elastic IP addresses. If you want to deploy a cluster with more than five nodes, then you will need more than five elastic IP addresses; you may have to apply for those; see the AWS documentation on elastic IP addresses.

Create an Amazon EC2 Key Pair

Go to the AWS EC2 Console and select "Key Pairs" in the left sidebar. Click the "Create Key Pair" button. Give it the name bigchaindb. You should be prompted to save a file named bigchaindb.pem. That file contains the RSA private key. (You can get the public key from the private key, so there's no need to send it separately.)

If you're deploying a cluster, save the file in bigchaindb/deploy-cluster-aws/pem/bigchaindb.pem.

If you're deploying a single node, save the file in bigchaindb/deploy-node-aws/pem/bigchaindb.pem.

You should not share your private key.

Create an Amazon EC2 Security Group

Go to the AWS EC2 Console and select "Security Groups" in the left sidebar. Click the "Create Security Group" button. If you're deploying a cluster, give it the name bigchaindb, otherwise you can name it whatever you like. The description probably doesn't matter but we also put bigchaindb for that.

If you're deploying a test cluster, then add these rules for Inbound traffic:

  • Type = All TCP, Protocol = TCP, Port Range = 0-65535, Source = 0.0.0.0/0
  • Type = SSH, Protocol = SSH, Port Range = 22, Source = 0.0.0.0/0
  • Type = All UDP, Protocol = UDP, Port Range = 0-65535, Source = 0.0.0.0/0
  • Type = All ICMP, Protocol = ICMP, Port Range = 0-65535, Source = 0.0.0.0/0

Note: These rules are extremely lax! They're meant to make testing easy. For example, Source = 0.0.0.0/0 is CIDR notation for "allow this traffic to come from any IP address."

If you're deploying a single node, then see the BigchainDB Notes for Firewall Setup and the AWS documentation about security groups.