From 0d92c1ab25e70445b5a630bee281b8164781ee0f Mon Sep 17 00:00:00 2001 From: Alex Schoof Date: Tue, 31 Aug 2021 09:51:56 -0400 Subject: [PATCH] Add an elastic IP; add an SG for REST ports --- .gitignore | 1 + lib/configure-node.sh | 4 ++++ lib/lightningnode-stack.ts | 15 +++++++++++++++ 3 files changed, 20 insertions(+) diff --git a/.gitignore b/.gitignore index 13f390d..0dfde53 100644 --- a/.gitignore +++ b/.gitignore @@ -2,6 +2,7 @@ !jest.config.js *.d.ts node_modules +.idea # CDK asset staging directory .cdk.staging diff --git a/lib/configure-node.sh b/lib/configure-node.sh index 6f6fe6a..2a87868 100644 --- a/lib/configure-node.sh +++ b/lib/configure-node.sh @@ -61,6 +61,9 @@ listen=0.0.0.0:9735 # gRPC socket binding rpclisten=0.0.0.0:10009 +# REST socket binding +restlisten=0.0.0.0:8080 + # Avoid slow startup time sync-freelist=1 @@ -184,4 +187,5 @@ chown -R ec2-user: /home/ec2-user/bin echo '*/5 * * * * ec2-user /home/ec2-user/.npm-global/bin/bos unlock /home/ec2-user/.lnd/wallet_password' >> /etc/crontab # Start lnd! +systemctl enable lnd.service systemctl start lnd.service \ No newline at end of file diff --git a/lib/lightningnode-stack.ts b/lib/lightningnode-stack.ts index 9fb0622..7c421e2 100644 --- a/lib/lightningnode-stack.ts +++ b/lib/lightningnode-stack.ts @@ -3,6 +3,7 @@ import * as ec2 from '@aws-cdk/aws-ec2'; import {Asset} from '@aws-cdk/aws-s3-assets'; import { KeyPair } from 'cdk-ec2-key-pair'; import * as path from 'path'; +import { CfnEIP } from '@aws-cdk/aws-ec2'; export class LightningNode extends cdk.Stack { 
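Review bot: `restlisten=0.0.0.0:8080` binds the lnd REST API on every interface, so nothing on the host limits who can reach it; reachability is decided only by the instance's security groups, and the stack change in this same patch leaves the REST group detached by default, which means lnd's default TLS and macaroon checks become the sole gate the moment that group is attached. Binding to loopback, `restlisten=127.0.0.1:8080`, and widening it deliberately when the group is attached keeps host policy and network policy in step; the line mirrors the existing `rpclisten=0.0.0.0:10009`, so the same consideration applies there, and whether something else on the instance needs a non-loopback binding is not visible here. A comment tying the two files together, `# Reachable from outside the host only when RestSecurityGroup is attached to the instance`, would help the next editor. The port must also stay equal to the 8080 ingress rule in lightningnode-stack.ts; a single shared value would prevent them drifting.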
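Review bot: `import { CfnEIP } from '@aws-cdk/aws-ec2';` is a second import from a module the file already imports as a namespace a few lines up (`import * as ec2 from '@aws-cdk/aws-ec2';`). Writing `new ec2.CfnEIP(this, "NodeEIP", { ... })` at the construction site in the later hunk and dropping the new import line keeps one import per module, which is what lint rules such as no-duplicate-imports expect and matches how the rest of the file reaches `ec2.SecurityGroup`, `ec2.Peer` and `ec2.Port`.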
@@ -46,6 +47,11 @@ export class LightningNode extends cdk.Stack {
 description: 'Allow access to lnd grpc interface',
 });
 rpcSg.addIngressRule(ec2.Peer.anyIpv4(), ec2.Port.tcp(10009));
+ const restSg = new ec2.SecurityGroup(this, "RestSecurityGroup", {
+ vpc: vpc,
+ description: "Allow access to lnd REST ports"
+ });
+ restSg.addIngressRule(ec2.Peer.anyIpv4(), ec2.Port.tcp(8080));
 
 // grab the latest hvm arm64 AL2 AMI
 const ami = new ec2.AmazonLinuxImage({
@@ -66,6 +72,15 @@ export class LightningNode extends cdk.Stack {
 // Feel free to change the ingress rule above to lock down access to a specific IP or range
 // instance.addSecurityGroup(rpcSg);
 
+ // Uncomment this next line to allow access to port 443 for REST from the world
+ // You can also edit the ingress rule above if you want a different port
+ // instance.addSecurityGroup(restSg);
+
+ const eip = new CfnEIP(this, "NodeEIP", {
+ domain: "vpc",
+ instanceId: instance.instanceId
+ });
+
 // Wire the bootstrap script into the instance userdata
 const localPath = instance.userData.addS3DownloadCommand({
 bucket:setupScript.bucket,
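Review bot: `restSg.addIngressRule(ec2.Peer.anyIpv4(), ec2.Port.tcp(8080))` opens the REST port to 0.0.0.0/0, and lnd's REST API fronts the same wallet, channel and payment RPCs as gRPC, so once the group is attached only lnd's macaroon and TLS checks stand between the internet and the node. Mirroring the existing gRPC group is consistent, but taking the allowed source from a stack property or CDK context value, for example `restSg.addIngressRule(ec2.Peer.ipv4(props.restAllowedCidr), ec2.Port.tcp(8080));` (property name illustrative), would let an operator attach the group without first editing the source. Style-wise the new lines use double-quoted strings and `vpc: vpc` where the surrounding code uses single quotes and the shorthand `vpc`.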
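Review bot: The new comment says `allow access to port 443 for REST`, but the group it tells the reader to attach admits TCP 8080 and configure-node.sh in this same patch sets `restlisten=0.0.0.0:8080`, so anyone following the comment will check the wrong port. Change it to `// Uncomment this next line to allow access to port 8080 (restlisten) for REST from the world`, or refer to "the REST port" and point at the ingress rule so only one place carries the number. The `eip` binding is never read afterwards, which an unused-variable lint will flag; `new CfnEIP(this, "NodeEIP", { ... });` without the assignment is equally valid for a CDK construct, or keep the binding if the address is wired in elsewhere.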