├── .github
│   └── PULL_REQUEST_TEMPLATE.md
├── CODE_OF_CONDUCT.md
├── LICENSE
├── README.md
├── CONTRIBUTING.md
└── templates
    └── fabric-ec2-client.template.yaml
/.github/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
1 | *Issue #, if available:*
2 |
3 | *Description of changes:*
4 |
5 |
6 | By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
7 |
--------------------------------------------------------------------------------
/CODE_OF_CONDUCT.md:
--------------------------------------------------------------------------------
1 | ## Code of Conduct
2 | This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct).
3 | For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact
4 | opensource-codeofconduct@amazon.com with any additional questions or comments.
5 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
2 |
3 | Permission is hereby granted, free of charge, to any person obtaining a copy of
4 | this software and associated documentation files (the "Software"), to deal in
5 | the Software without restriction, including without limitation the rights to
6 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
7 | the Software, and to permit persons to whom the Software is furnished to do so.
8 |
9 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
10 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
11 | FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
12 | COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
13 | IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
14 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
15 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Amazon Managed Blockchain Client Templates
2 |
3 | The Amazon Managed Blockchain Client Templates enable developers to easily launch client hosts on Amazon EC2 to interact with blockchain networks created by Amazon Managed Blockchain. Each template is an AWS CloudFormation template that provisions an Amazon EC2 instance and installs and configures client software to work with your Amazon Managed Blockchain resources.
4 |
5 | ## Features
6 |
7 | 1. Allows you to select the instance type used for your client host
8 | 2. Configures the client software with endpoint information you provide for your Amazon Managed Blockchain resources
9 | 3. Configures TLS encryption for the client
10 |
11 |
12 | ## Getting Started
13 |
14 | Before creating your client host, you will need to create several resources:
15 | * The Amazon VPC and subnet, Amazon EC2 key pair, Amazon EC2 security group, and an IAM instance profile for the Amazon EC2 instance provisioned.
16 | * The Amazon VPC subnet for the Amazon EC2 instance must have connectivity to the internet, because it will download required libraries from the internet.
17 | * An Amazon Managed Blockchain network with a peer node to provide the endpoint information for the client configuration.
18 |
19 | Load and run the AWS CloudFormation template in your account.
20 |
21 | SSH to the newly created instance to use the client and interact with your Amazon Managed Blockchain resources.
22 |
23 |
24 | ## License Summary
25 |
26 | This sample code is made available under a modified MIT license. See the LICENSE file.
--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
1 | # Contributing Guidelines
2 |
3 | Thank you for your interest in contributing to our project. Whether it's a bug report, new feature, correction, or additional
4 | documentation, we greatly value feedback and contributions from our community.
5 |
6 | Please read through this document before submitting any issues or pull requests to ensure we have all the necessary
7 | information to effectively respond to your bug report or contribution.
8 |
9 |
10 | ## Reporting Bugs/Feature Requests
11 |
12 | We welcome you to use the GitHub issue tracker to report bugs or suggest features.
13 |
14 | When filing an issue, please check [existing open](https://github.com/aws-samples/amazon-managed-blockchain-client-templates/issues), or [recently closed](https://github.com/aws-samples/amazon-managed-blockchain-client-templates/issues?utf8=%E2%9C%93&q=is%3Aissue%20is%3Aclosed%20), issues to make sure somebody else hasn't already
15 | reported the issue. Please try to include as much information as you can. Details like these are incredibly useful:
16 |
17 | * A reproducible test case or series of steps
18 | * The version of our code being used
19 | * Any modifications you've made relevant to the bug
20 | * Anything unusual about your environment or deployment
21 |
22 |
23 | ## Contributing via Pull Requests
24 | Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that:
25 |
26 | 1. You are working against the latest source on the *master* branch.
27 | 2. You check existing open, and recently merged, pull requests to make sure someone else hasn't addressed the problem already.
28 | 3. You open an issue to discuss any significant work - we would hate for your time to be wasted.
29 |
30 | To send us a pull request, please:
31 |
32 | 1. Fork the repository.
33 | 2. Modify the source; please focus on the specific change you are contributing. If you also reformat all the code, it will be hard for us to focus on your change.
34 | 3. Ensure local tests pass.
35 | 4. Commit to your fork using clear commit messages.
36 | 5. Send us a pull request, answering any default questions in the pull request interface.
37 | 6. Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation.
38 |
39 | GitHub provides additional documentation on [forking a repository](https://help.github.com/articles/fork-a-repo/) and
40 | [creating a pull request](https://help.github.com/articles/creating-a-pull-request/).
41 |
42 |
43 | ## Finding contributions to work on
44 | Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels (enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any ['help wanted'](https://github.com/aws-samples/amazon-managed-blockchain-client-templates/labels/help%20wanted) issues is a great place to start.
45 |
46 |
47 | ## Code of Conduct
48 | This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct).
49 | For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact
50 | opensource-codeofconduct@amazon.com with any additional questions or comments.
51 |
52 |
53 | ## Security issue notifications
54 | If you discover a potential security issue in this project, we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public GitHub issue.
55 |
56 |
57 | ## Licensing
58 |
59 | See the [LICENSE](https://github.com/aws-samples/amazon-managed-blockchain-client-templates/blob/master/LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution.
60 |
61 | We may ask you to sign a [Contributor License Agreement (CLA)](http://en.wikipedia.org/wiki/Contributor_License_Agreement) for larger changes.
62 |
--------------------------------------------------------------------------------
/templates/fabric-ec2-client.template.yaml:
--------------------------------------------------------------------------------
AWSTemplateFormatVersion: '2010-09-09'
Description: 'This template creates an EC2 instance in your VPC. It attaches provided security rules
  to the instance to communicate with an existing Amazon Managed Blockchain network.
  Additionally, the instance will be bootstrapped with all of the required dependencies to communicate with
  entities in the blockchain network.'

Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: EC2 instance parameters
        Parameters:
          - SubnetID
          - EC2SecurityGroup
          - EC2KeyPairName
          - InstanceType
          - InstanceProfileName
      - Label:
          default: Managed Blockchain parameters
        Parameters:
          - Version
          - MemberID
      - Label:
          default: Hyperledger Fabric parameters
        Parameters:
          - FabricCAEndpoint
          - OrderingServiceEndpoint
          - PeerNodeEndpoint


Parameters:
  Version:
    Description: The version of the blockchain framework that the network uses.
    Type: String
    Default: 2.2
    AllowedValues: [1.2, 1.4, 2.2]
    ConstraintDescription: must be a version supported by Amazon Managed Blockchain.
  SubnetID:
    Description: The ID of an existing subnet into which the EC2 instance is launched. Must be a public subnet.
    Type: AWS::EC2::Subnet::Id
  EC2SecurityGroup:
    Description: The ID of an existing security group to attach to the instance. It must be available in the subnet you specify and allow traffic from the VPC endpoint for your blockchain network.
    Type: AWS::EC2::SecurityGroup::Id
  EC2KeyPairName:
    Description: Name of an existing EC2 key pair to enable SSH access to the instance.
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: must be the name of an existing EC2 KeyPair.
  InstanceType:
    Description: EC2 instance type to use for the client hardware
    Type: String
    Default: t3.small
    AllowedValues: [t2.nano, t2.micro, t2.small, t2.medium, t2.large, t2.xlarge, t2.2xlarge,
      t3.nano, t3.micro, t3.small, t3.medium, t3.large, t3.xlarge, t3.2xlarge,
      m4.large, m4.xlarge, m4.2xlarge, m4.4xlarge, m4.10xlarge,
      m5.large, m5.xlarge, m5.2xlarge, m5.4xlarge,
      c5.large, c5.xlarge, c5.2xlarge, c5.4xlarge, c5.9xlarge,
      g3.8xlarge,
      r5.large, r5.xlarge, r5.2xlarge, r5.4xlarge, r3.12xlarge,
      i3.xlarge, i3.2xlarge, i3.4xlarge, i3.8xlarge,
      d2.xlarge, d2.2xlarge, d2.4xlarge, d2.8xlarge]
    ConstraintDescription: must be a valid EC2 instance type.
  InstanceProfileName:
    Description: (Optional) The name of the Instance Profile to attach to the EC2 instance.
    Type: String
    Default: ''
  FabricCAEndpoint:
    Description: 'The endpoint used to access the certificate authority within a membership. Of the format ca...managedblockchain..amazonaws.com:'
    Type: String
  MemberID:
    Description: Your member id for the network.
    Type: String
  OrderingServiceEndpoint:
    Description: 'The endpoint of the ordering service for the network. Of the format orderer..managedblockchain..amazonaws.com:'
    Type: String
  PeerNodeEndpoint:
    Description: 'The endpoint used to communicate with the node on the network. Of the format ...managedblockchain..amazonaws.com:'
    Type: String


Conditions:
  HasInstanceProfileName:
    !Not [ !Equals [ !Ref 'InstanceProfileName', '' ] ]

Mappings:
  AWSRegionToAMI:
    ap-northeast-2:
      HVM64: ami-00dc207f8ba6dc919
    ap-northeast-1:
      HVM64: ami-00a5245b4816c38e6
    ap-southeast-1:
      HVM64: ami-05b3bcf7f311194b3
    eu-west-1:
      HVM64: ami-08935252a36e25f85
    eu-west-2:
      HVM64: ami-01419b804382064e4
    us-east-1:
      HVM64: ami-0080e4c5bc078760e
  AWSRegionToCertificateUrl:
    ap-northeast-2:
      TLS: https://s3.ap-northeast-2.amazonaws.com/ap-northeast-2.managedblockchain/etc/managedblockchain-tls-chain.pem
    ap-northeast-1:
      TLS: https://s3.ap-northeast-1.amazonaws.com/ap-northeast-1.managedblockchain/etc/managedblockchain-tls-chain.pem
    ap-southeast-1:
      TLS: https://s3.ap-southeast-1.amazonaws.com/ap-southeast-1.managedblockchain/etc/managedblockchain-tls-chain.pem
    eu-west-1:
      TLS: https://s3.eu-west-1.amazonaws.com/eu-west-1.managedblockchain/etc/managedblockchain-tls-chain.pem
    eu-west-2:
      TLS: https://s3.eu-west-2.amazonaws.com/eu-west-2.managedblockchain/etc/managedblockchain-tls-chain.pem
    us-east-1:
      TLS: https://s3.us-east-1.amazonaws.com/us-east-1.managedblockchain/etc/managedblockchain-tls-chain.pem
  FrameworkVersionToPackageVersion:
    "1.2":
      DOCKERCOMPOSE: "1.20.0"
      GO: "1.10.3"
      FABRICTOOLS: "1.2.1"
      FABRICCA: "1.2.1"
      FABRICSAMPLESBRANCH: "release-1.2"
    "1.4":
      DOCKERCOMPOSE: "1.20.0"
      GO: "1.14.2"
      FABRICTOOLS: "1.4.7"
      FABRICCA: "1.4.7"
      FABRICSAMPLESBRANCH: "release-1.4"
    "2.2":
      DOCKERCOMPOSE: "1.20.0"
      GO: "1.14.2"
      FABRICTOOLS: "2.2.4"
      FABRICCA: "1.4.7"
      FABRICSAMPLESBRANCH: "release-2.2"

Resources:
  EC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: !Ref 'InstanceType'
      KeyName: !Ref 'EC2KeyPairName'
      ImageId: !FindInMap [ AWSRegionToAMI, !Ref "AWS::Region", HVM64 ]
      IamInstanceProfile: !If [ HasInstanceProfileName, !Ref 'InstanceProfileName', !Ref "AWS::NoValue" ]
      NetworkInterfaces:
        - AssociatePublicIpAddress: "true"
          DeviceIndex: "0"
          GroupSet: [ !Ref 'EC2SecurityGroup' ]
          SubnetId: !Ref 'SubnetID'
      Tags:
        - Key: 'Name'
          Value: 'HyperledgerFabricClient'
      UserData:
        Fn::Base64:
          Fn::Sub:
            - |
              #!/bin/bash
              set -e
              set -x

              cd /home/ec2-user

              yum update -y
              yum install -y docker
              service docker start
              usermod -a -G docker ec2-user

              curl -L https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
              chmod a+x /usr/local/bin/docker-compose
              yum install libtool -y
              wget https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz
              tar -xzf go${GO_VERSION}.linux-amd64.tar.gz
              mv go /usr/local
              yum install libtool-ltdl-devel -y
              pip install --upgrade awscli
              yum install git -y

              echo 'export GOROOT=/usr/local/go
              export GOPATH=/home/ec2-user/go
              export PATH=$GOROOT/bin:$PATH' >> /home/ec2-user/.bash_profile
              source /home/ec2-user/.bash_profile

              wget https://github.com/hyperledger/fabric-ca/releases/download/v${FABRIC_CA_VERSION}/hyperledger-fabric-ca-linux-amd64-${FABRIC_CA_VERSION}.tar.gz
              tar -xzf hyperledger-fabric-ca-linux-amd64-${FABRIC_CA_VERSION}.tar.gz
              cd /home/ec2-user

              echo 'export PATH=$PATH:/home/ec2-user/bin' >> /home/ec2-user/.bash_profile
              echo 'export MSP_PATH=/opt/home/admin-msp
              export MSP=${MEMBER_ID}
              export ORDERER=${ORDERING_SERVICE_ENDPOINT}
              export PEER=${PEER_NODE_ENDPOINT}
              export CA_ENDPOINT=${FABRIC_CA_ENDPOINT}' >> /home/ec2-user/.bash_profile
              source /home/ec2-user/.bash_profile


              # Setup Fabric-ca client profile
              mkdir -p /home/ec2-user/.fabric-ca-client
              touch /home/ec2-user/.fabric-ca-client/fabric-ca-client-config.yaml

              echo '
              #############################################################################
              # Client Configuration
              #############################################################################

              # URL of the Fabric-ca-server (default: http://localhost:7054)
              url: https://${FABRIC_CA_ENDPOINT}

              # Membership Service Provider (MSP) directory
              # This is useful when the client is used to enroll a peer or orderer, so
              # that the enrollment artifacts are stored in the format expected by MSP.
              mspdir: /home/ec2-user/admin-msp

              #############################################################################
              # TLS section for secure socket connection
              #
              # certfiles - PEM-encoded list of trusted root certificate files
              #############################################################################
              tls:
                # TLS section for secure socket connection
                certfiles: /home/ec2-user/managedblockchain-tls-chain.pem
              ' > /home/ec2-user/.fabric-ca-client/fabric-ca-client-config.yaml

              chmod 666 /home/ec2-user/.fabric-ca-client/fabric-ca-client-config.yaml

              # Download TLS cert
              wget ${TLS_CERT_URL}

              # Download sample chaincode from github
              git clone -b ${FABRIC_SAMPLES_BRANCH} https://github.com/hyperledger/fabric-samples.git

              # Bake in some fabric related ENV variables for convenience
              echo 'export ORDERER=${ORDERING_SERVICE_ENDPOINT}' >> /home/ec2-user/.bash_profile

              echo 'version: '"'2'"'
              services:
                cli:
                  container_name: cli
                  image: hyperledger/fabric-tools:${FABRIC_TOOLS_VERSION}
                  tty: true
                  environment:
                    - GOPATH=/opt/gopath
                    - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
                    - CORE_LOGGING_LEVEL=info # Set logging level to debug for more verbose logging
                    - CORE_PEER_ID=cli
                    - CORE_CHAINCODE_KEEPALIVE=10
                    - CORE_PEER_LOCALMSPID=${MEMBER_ID}
                    - CORE_PEER_MSPCONFIGPATH=/opt/home/admin-msp
                    - CORE_PEER_ADDRESS=${PEER_NODE_ENDPOINT}
                    - CORE_PEER_TLS_ROOTCERT_FILE=/opt/home/managedblockchain-tls-chain.pem
                    - CORE_PEER_TLS_ENABLED=true
                  working_dir: /opt/home
                  command: /bin/bash
                  volumes:
                    - /var/run/:/host/var/run/
                    - /home/ec2-user/fabric-samples/chaincode:/opt/gopath/src/github.com/
                    - /home/ec2-user:/opt/home' > docker-compose-cli.yaml

              newgrp `id -gn`
              /usr/local/bin/docker-compose -f docker-compose-cli.yaml up -d

            - {
                DOCKER_COMPOSE_VERSION: !FindInMap [ FrameworkVersionToPackageVersion, !Ref "Version", DOCKERCOMPOSE ],
                GO_VERSION: !FindInMap [ FrameworkVersionToPackageVersion, !Ref "Version", GO ],
                FABRIC_CA_VERSION: !FindInMap [ FrameworkVersionToPackageVersion, !Ref "Version", FABRICCA ],
                TLS_CERT_URL: !FindInMap [ AWSRegionToCertificateUrl, !Ref "AWS::Region", TLS ],
                FABRIC_TOOLS_VERSION: !FindInMap [ FrameworkVersionToPackageVersion, !Ref "Version", FABRICTOOLS ],
                FABRIC_SAMPLES_BRANCH: !FindInMap [ FrameworkVersionToPackageVersion, !Ref "Version", FABRICSAMPLESBRANCH ],
                MEMBER_ID: !Ref "MemberID",
                PEER_NODE_ENDPOINT: !Ref "PeerNodeEndpoint",
                ORDERING_SERVICE_ENDPOINT: !Ref "OrderingServiceEndpoint",
                FABRIC_CA_ENDPOINT: !Ref "FabricCAEndpoint"
              }

Outputs:
  InstanceId:
    Description: InstanceId of your EC2 client instance
    Value: !Ref 'EC2Instance'
  AZ:
    Description: Availability Zone of your EC2 client instance
    Value: !GetAtt [EC2Instance, AvailabilityZone]
  PublicDNS:
    Description: Public DNSName of your EC2 client instance
    Value: !GetAtt [EC2Instance, PublicDnsName]
  PublicIP:
    Description: Public IP address of your EC2 client instance
    Value: !GetAtt [EC2Instance, PublicIp]
--------------------------------------------------------------------------------
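The UserData script in the template above downloads docker-compose, Go and the Fabric CA client and installs them as root without checking their integrity. The following is an added example, not code from this repository, of a verify-then-install step that such a bootstrap script could call after each download; the helper names `sha256_of` and `install_verified` are hypothetical, and the pinned digest is assumed to come from the operator's own record of a known-good release.

```shell
#!/bin/bash
# Added example, not from the repository. Helper names are hypothetical.

# sha256_of FILE: print the lowercase hex SHA-256 digest of FILE.
sha256_of() {
    sha256sum < "$1" | awk '{print $1}'
}

# install_verified FILE EXPECTED_SHA256 DEST MODE
# Copies FILE to DEST with permission MODE only when its digest equals the pin.
# Exit status: 0 installed, 1 digest mismatch, 2 usage or I/O error.
# The body is a subshell, so its variables do not leak into the caller.
install_verified() (
    [ "$#" -eq 4 ] || { echo "usage: install_verified FILE SHA256 DEST MODE" >&2; exit 2; }
    file=$1 dest=$3 mode=$4
    [ -f "$file" ] || { echo "no such file: $file" >&2; exit 2; }

    # Normalise case so a digest copied in upper case still compares equal.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # An empty or truncated pin must fail closed, never match by accident.
    case "$expected" in
        *[!0-9a-f]*) echo "malformed digest pin" >&2; exit 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed digest pin" >&2; exit 2; }

    actual=$(sha256_of "$file") || exit 2
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file: got $actual" >&2
        exit 1
    fi
    # install(1) sets the mode explicitly instead of relying on umask.
    install -m "$mode" "$file" "$dest" || exit 2
)

# Usage in a bootstrap script (the digest is a placeholder, not a real value):
#   curl -fsSL "<release URL>" -o /tmp/docker-compose
#   install_verified /tmp/docker-compose "<PINNED_SHA256>" /usr/local/bin/docker-compose 0755
```

Because the UserData script runs with `set -e`, a non-zero return from `install_verified` stops the bootstrap before the unverified binary is placed on the PATH.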