aljaz/ThunderCloud
1
0
Fork 0
mirror of https://github.com/aljazceru/ThunderCloud.git synced 2025-12-17 06:14:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add an elastic IP; add an SG for REST ports

Browse Source
This commit is contained in:
Alex Schoof
2021-08-31 09:51:56 -04:00
parent 69ff7aba6e
commit 0d92c1ab25
3 changed files with 20 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -2,6 +2,7 @@
!jest.config.js !jest.config.js
*.d.ts *.d.ts
node_modules node_modules
.idea
# CDK asset staging directory # CDK asset staging directory
.cdk.staging .cdk.staging

4
lib/configure-node.sh
View File

@@ -61,6 +61,9 @@ listen=0.0.0.0:9735
# gRPC socket binding # gRPC socket binding
rpclisten=0.0.0.0:10009 rpclisten=0.0.0.0:10009
# REST socket binding
restlisten=0.0.0.0:8080
# Avoid slow startup time # Avoid slow startup time
sync-freelist=1 sync-freelist=1
@@ -184,4 +187,5 @@ chown -R ec2-user: /home/ec2-user/bin
echo '*/5 * * * * ec2-user /home/ec2-user/.npm-global/bin/bos unlock /home/ec2-user/.lnd/wallet_password' >> /etc/crontab echo '*/5 * * * * ec2-user /home/ec2-user/.npm-global/bin/bos unlock /home/ec2-user/.lnd/wallet_password' >> /etc/crontab
# Start lnd! # Start lnd!
systemctl enable lnd.service
systemctl start lnd.service systemctl start lnd.service

15
lib/lightningnode-stack.ts
View File

@@ -3,6 +3,7 @@ import * as ec2 from '@aws-cdk/aws-ec2';
import {Asset} from '@aws-cdk/aws-s3-assets'; import {Asset} from '@aws-cdk/aws-s3-assets';
import { KeyPair } from 'cdk-ec2-key-pair'; import { KeyPair } from 'cdk-ec2-key-pair';
import * as path from 'path'; import * as path from 'path';
import { CfnEIP } from '@aws-cdk/aws-ec2';
export class LightningNode extends cdk.Stack { export class LightningNode extends cdk.Stack {
@@ -46,6 +47,11 @@ export class LightningNode extends cdk.Stack {
description: 'Allow access to lnd grpc interface', description: 'Allow access to lnd grpc interface',
}); });
rpcSg.addIngressRule(ec2.Peer.anyIpv4(), ec2.Port.tcp(10009)); rpcSg.addIngressRule(ec2.Peer.anyIpv4(), ec2.Port.tcp(10009));
const restSg = new ec2.SecurityGroup(this, "RestSecurityGroup", {
vpc: vpc,
description: "Allow access to lnd REST ports"
});
restSg.addIngressRule(ec2.Peer.anyIpv4(), ec2.Port.tcp(8080));
// grab the latest hvm arm64 AL2 AMI // grab the latest hvm arm64 AL2 AMI
const ami = new ec2.AmazonLinuxImage({ const ami = new ec2.AmazonLinuxImage({
@@ -66,6 +72,15 @@ export class LightningNode extends cdk.Stack {
// Feel free to change the ingress rule above to lock down access to a specific IP or range // Feel free to change the ingress rule above to lock down access to a specific IP or range
// instance.addSecurityGroup(rpcSg); // instance.addSecurityGroup(rpcSg);
// Uncomment this next line to allow access to port 443 for REST from the world
// You can also edit the ingress rule above if you want a different port
// instance.addSecurityGroup(restSg);
const eip = new CfnEIP(this, "NodeEIP", {
domain: "vpc",
instanceId: instance.instanceId
});
// Wire the bootstrap script into the instance userdata // Wire the bootstrap script into the instance userdata
const localPath = instance.userData.addS3DownloadCommand({ const localPath = instance.userData.addS3DownloadCommand({
bucket:setupScript.bucket, bucket:setupScript.bucket,