Terraform code to deploy a Flashbots Ethereum node cluster on the Goerli testnet:
- Beacon Chain (Prysm)
- Execution Client (Geth)
- Sync Proxy
- High/Low Prio Load Balancer

Requirements:
- Terraform 1.3.x
- tfenv (optional, Terraform version manager)
- AWS CLI

Generate JWT Secret

    echo "export JWTSECRET=$(openssl rand -hex 32 | tr -d '\n')" >> .env
    source .env

Prepare the working directory to execute Terraform

    terraform init

Create the infrastructure on AWS

    terraform apply -var "eth_node_jwtsecret=$JWTSECRET"

Note: Storing the tfstate file locally is not recommended. Keep it safely using either a module such as terraform-aws-tfstate-backend or Terraform Cloud.
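
A hardened variant of the secret-handling steps above, as an added example that is not part of the original README: it keeps the secret in a file with mode 0600, replaces an existing JWTSECRET line instead of appending a second one, and passes the value to Terraform through the TF_VAR_eth_node_jwtsecret environment variable. The function names and the ./.env path are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original README: safer handling of JWTSECRET.

# True if $1 is exactly 64 hex characters (32 bytes), the shape that
# `openssl rand -hex 32` produces.
valid_jwtsecret() {
  case "$1" in
    ''|*[!0-9a-fA-F]*) return 1 ;;
  esac
  [ "${#1}" -eq 64 ]
}

# Generate a fresh secret with the README's own openssl command.
new_jwtsecret() {
  openssl rand -hex 32 | tr -d '\n'
}

# Store secret $2 in env file $1. The file ends up mode 0600, and an earlier
# JWTSECRET line is replaced instead of being appended to with `>>`.
store_jwtsecret() {
  valid_jwtsecret "$2" || { echo "refusing malformed secret" >&2; return 1; }
  (
    umask 077
    tmp="$(mktemp "$1.XXXXXX")" || exit 1
    if [ -f "$1" ]; then
      grep -v '^export JWTSECRET=' "$1" > "$tmp" || true
    fi
    printf 'export JWTSECRET=%s\n' "$2" >> "$tmp"
    mv "$tmp" "$1"
  )
}

# Hand the secret to Terraform through the environment (TF_VAR_<name>), so it
# is not part of the `terraform apply` argument list that `ps` displays.
apply_with_secret() {
  . "$1" || return 1
  valid_jwtsecret "$JWTSECRET" || return 1
  TF_VAR_eth_node_jwtsecret="$JWTSECRET" terraform apply
}

# Typical use (the ./.env path is an assumption):
#   store_jwtsecret ./.env "$(new_jwtsecret)" && apply_with_secret ./.env
```

Keep the env file out of version control, since it holds the secret in clear text.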
Once Terraform is executed for the first time:
Now, the EC2 instances should be able to fetch the archives from the S3 bucket.
The following policies must be attached to the IAM Role or User that executes Terraform:
- AmazonEC2FullAccess
- AmazonSSMReadOnlyAccess
- IAMFullAccess
- CloudWatchLogsFullAccess
- AmazonVPCFullAccess
- AmazonElastiCacheFullAccess
- AmazonS3FullAccess
- AmazonEventBridgeFullAccess
- AWSLambda_FullAccess
To log in to an EC2 instance, AWS Systems Manager Session Manager is in place, and either the web console or the awscli command can be used to access it.
Fluent-bit is used to ship logs to CloudWatch inside the log group fluent-bit-cloudwatch. Each service has its own log stream from-fluent-bit-*.