tearust/nitro-build

Configure on AWS

Create IAM Policy

First, create a new IAM policy that allows use of the KMS key that we defined to only be used inside the enclave. Open the "IAM -> Policies" page and click the "Create Policy" button to load the create policy page. Then select the "JSON" tab and paste the following JSON config:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "kms:Decrypt",
                "kms:GenerateDataKey",
                "kms:GenerateRandom"
            ],
            "Resource": "arn:aws:kms:ap-northeast-2:580177110170:key/d457ce32-1226-420b-9e81-bc32c49fe2da"
        }
    ]
}

After creating the policy you should see a new policy like this:

[image]

For more information, please read the AWS docs.
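
An added check, not part of the nitro-build repository: the script below audits a policy document such as the one above for unexpected actions, resources that are not a single KMS key ARN, and the absence of a `kms:RecipientAttestation:*` condition. The function names and the constructed attested variant with its placeholder image hash are assumptions for illustration.

```python
import copy
import json

# IAM policy document as given on this page.
PAGE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [{
  "Sid": "VisualEditor0", "Effect": "Allow",
  "Action": ["kms:Decrypt", "kms:GenerateDataKey", "kms:GenerateRandom"],
  "Resource": "arn:aws:kms:ap-northeast-2:580177110170:key/d457ce32-1226-420b-9e81-bc32c49fe2da"}]}
""")

# Constructed variant: same statement plus an attestation condition.
# The hash is a placeholder, not a real enclave image measurement.
ATTESTED_POLICY = copy.deepcopy(PAGE_POLICY)
ATTESTED_POLICY["Statement"][0]["Condition"] = {"StringEqualsIgnoreCase": {
    "kms:RecipientAttestation:ImageSha384": "<ENCLAVE_IMAGE_SHA384_PLACEHOLDER>"}}

EXPECTED_ACTIONS = {"kms:Decrypt", "kms:GenerateDataKey", "kms:GenerateRandom"}

def as_list(value):
    return value if isinstance(value, list) else [value]

def has_attestation_condition(stmt):
    # IAM condition key names are case-insensitive.
    return any(key.lower().startswith("kms:recipientattestation:")
               for block in stmt.get("Condition", {}).values() for key in block)

def is_single_kms_key(arn):
    parts = arn.split(":", 5)
    return ("*" not in arn and len(parts) == 6 and parts[0] == "arn"
            and parts[2] == "kms" and parts[5].startswith("key/"))

def audit(policy):
    """Return (sid, finding, detail) tuples for every Allow statement."""
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"statement[{i}]")
        for action in as_list(stmt.get("Action", [])):
            if "*" in action or action not in EXPECTED_ACTIONS:
                findings.append((sid, "unexpected-action", action))
        for arn in as_list(stmt.get("Resource", [])):
            if not is_single_kms_key(arn):
                findings.append((sid, "resource-not-single-key", arn))
        if not has_attestation_condition(stmt):
            findings.append((sid, "no-attestation-condition", "enclave binding not in this policy"))
    return findings

if __name__ == "__main__":
    for name, doc in (("page policy", PAGE_POLICY), ("attested variant", ATTESTED_POLICY)):
        print(name, audit(doc) or "no findings")
```

A `no-attestation-condition` finding on the page's policy means this IAM policy alone does not tie the key to the enclave, so that restriction has to be enforced by the KMS key policy.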

Create Role

Open the "IAM -> Roles" page and click the "Create role" button to create a new IAM role, then select the choice box in the first step as shown: [image]

In the second step we suggest you enter "key" as the filter word and select "AWSKeyManagementServicePowerUser" and the IAM policy we created before, as shown: [image]

Finally, enter the new role name and remember it for future use.

Prepare the security group

Open the "EC2 -> Security Groups" page, choose a security group you want to modify (or create a new one), and add inbound rules as follows: [image]

These input ports will be filtered after the node is started.

Create an EC2 instance

To ensure a successful instance launch, pay close attention to the following parts of the "Launch an Instance" steps:

  1. Choose the "Amazon Linux" OS as shown (DO NOT use the default "Amazon Linux 2023 AMI" option, and choose "64-bit (Arm)" as the architecture):
     [image]
  2. Choose an instance type that supports Nitro. We use "c6g.xlarge" here:
     [image]
  3. Use the security group we updated (or created) above:
     [image]
  4. Increase the volume size from 8G to 200G:
     [image]
  5. In the "Advanced details" tab, use the IAM role we created above:
     [image]
  6. In the "Advanced details" tab, set "Nitro Enclave" to enabled:
     [image]

After successfully launching the EC2 instance, you can access it and proceed with the next steps of the tutorial.

Run with EC2 instance

Prepare

First, prepare the TEA node dependencies, which should take about 10 minutes.

Please note that the following preparations need only be completed once, before starting the node for the first time.

Run the following command to set up or update to a new TEA software version:

bash -c "$(curl -H "Cache-Control: no-cache" -fsSL https://raw.githubusercontent.com/tearust/nitro-build/main/install.sh)"

Or use the following command to run without prompting:

bash -c "$(curl -H "Cache-Control: no-cache" -fsSL https://raw.githubusercontent.com/tearust/nitro-build/main/install.sh)" "" "0x0000000000000000000000000000000000000000000000000000000000000000" "0xbd6D4f56b59e45ed25c52Eab7EFf2c626e083db9" "<your startup proof>"

Start

Enter the "nitro-build" working directory, which was created automatically in the preparation step:

cd ~/nitro-build

Then simply run the following script to start the node with parts both inside and outside the enclave:

./start.sh

Or run the following command if you want to change settings when running:

./start.sh "{YOUR_MACHINE_ID}" "{YOUR_MACHINE_OWNER}" "{STARTUP_PROOF}"

Note that you should substitute your real machine_id, machine_owner and startup_proof in the above command, e.g. ./start.sh "0x0000000000000000000000000000000000000000000000000000000000000000" "0xbd6D4f56b59e45ed25c52Eab7EFf2c626e083db9" "0x1234321"
