terraform-aws-ec2-cardano-node
Terraform module that provisions a Cardano node on an EC2 instance.
This project has not been audited for security by a third party. Use at your own discretion.
Benchmark |
Description |
![Infrastructure Security](https://camo.githubusercontent.com/2d2271ff4f3b55e25cf7e182d606253761de146a8c9bf1ce967f9ba66d353ff2/68747470733a2f2f7777772e627269646765637265772e636c6f75642f6261646765732f6769746875622f6c656234722f7465727261666f726d2d6177732d6563322d63617264616e6f2d6e6f64652f67656e6572616c) |
Infrastructure Security Compliance |
![CIS KUBERNETES](https://camo.githubusercontent.com/64e8e6b6b6b69e348b79c483938b4477ce2cb4e0e57782aeecfd3b32a3ccf0aa/68747470733a2f2f7777772e627269646765637265772e636c6f75642f6261646765732f6769746875622f6c656234722f7465727261666f726d2d6177732d6563322d63617264616e6f2d6e6f64652f6369735f6b756265726e65746573) |
Center for Internet Security, KUBERNETES Compliance |
![CIS AWS](https://camo.githubusercontent.com/062ef0b5014a5d64f5cb6ace02d2a9b0ab134464eb93eac1f0670d5cae362785/68747470733a2f2f7777772e627269646765637265772e636c6f75642f6261646765732f6769746875622f6c656234722f7465727261666f726d2d6177732d6563322d63617264616e6f2d6e6f64652f6369735f617773) |
Center for Internet Security, AWS Compliance |
![CIS AZURE](https://camo.githubusercontent.com/6137d02e758fa21b638c77eb11e11d38f13c5dec7dbc8c36d6efc9be798f17f4/68747470733a2f2f7777772e627269646765637265772e636c6f75642f6261646765732f6769746875622f6c656234722f7465727261666f726d2d6177732d6563322d63617264616e6f2d6e6f64652f6369735f617a757265) |
Center for Internet Security, AZURE Compliance |
![PCI-DSS](https://camo.githubusercontent.com/5e99335fcfdb2571895171b6eb4b72171f24cd4d501b50aab978a8ddb5f92111/68747470733a2f2f7777772e627269646765637265772e636c6f75642f6261646765732f6769746875622f6c656234722f7465727261666f726d2d6177732d6563322d63617264616e6f2d6e6f64652f706369) |
Payment Card Industry Data Security Standards Compliance |
![NIST-800-53](https://camo.githubusercontent.com/d3c011141aff1aec6ffb660cff089b3c43be61db9bdc21e3319ac20c849a9a12/68747470733a2f2f7777772e627269646765637265772e636c6f75642f6261646765732f6769746875622f6c656234722f7465727261666f726d2d6177732d6563322d63617264616e6f2d6e6f64652f6e697374) |
National Institute of Standards and Technology Compliance |
![ISO27001](https://camo.githubusercontent.com/dbf9f6a5b809fe25b888e223a19100ca574aa0952e71bd6b5fbf7a531d9d660d/68747470733a2f2f7777772e627269646765637265772e636c6f75642f6261646765732f6769746875622f6c656234722f7465727261666f726d2d6177732d6563322d63617264616e6f2d6e6f64652f69736f) |
Information Security Management System, ISO/IEC 27001 Compliance |
![SOC2](https://camo.githubusercontent.com/96a65e54582d9e385d34a68309b32eb05b76a057ffb5a95cb8d22722ebcd4f6f/68747470733a2f2f7777772e627269646765637265772e636c6f75642f6261646765732f6769746875622f6c656234722f7465727261666f726d2d6177732d6563322d63617264616e6f2d6e6f64652f736f6332) |
Service Organization Control 2 Compliance |
![CIS GCP](https://camo.githubusercontent.com/99a2088c50041c372a71169e096dc20aa2210e39474e3bf5932669e5b88d747c/68747470733a2f2f7777772e627269646765637265772e636c6f75642f6261646765732f6769746875622f6c656234722f7465727261666f726d2d6177732d6563322d63617264616e6f2d6e6f64652f6369735f676370) |
Center for Internet Security, GCP Compliance |
![HIPAA](https://camo.githubusercontent.com/58d13492e1b9e406e8db5a051e5fe7c7998a07d944fb0dfc2f4fdd469e7c92df/68747470733a2f2f7777772e627269646765637265772e636c6f75642f6261646765732f6769746875622f6c656234722f7465727261666f726d2d6177732d6563322d63617264616e6f2d6e6f64652f6869706161) |
Health Insurance Portability and Accountability Compliance |
This example may be using a version
that is out of date; check the registry page for the most recent usage.
# Example call of the module from the Terraform Registry.
module "ec2-cardano-node" {
source = "leb4r/ec2-cardano-node/aws"
# Exact version pin: upgrades happen only when this value is changed.
version = "0.0.2"
# insert the 4 required variables here
# NOTE(review): the inputs table marks only subnet_id and vpc_id as required;
# confirm the full list of required inputs on the registry page.
#
# Defaults to review before applying (values taken from the inputs table):
# - prometheus_ingress_cidrs defaults to "0.0.0.0/0", which allows Prometheus
#   traffic from any IPv4 address; set it to the CIDR blocks of your monitoring hosts.
# - cardano_node_version defaults to "master" rather than a fixed release;
#   set it explicitly when you need to know exactly which node version is deployed.
}
Name |
Description |
Type |
Default |
Required |
associate_public_ip_address |
Whether to associate a public IPv4 address for the node |
bool |
false |
no |
backup_cold_storage_after |
Specifies the number of days after creation that a recovery point is moved to cold storage |
number |
30 |
no |
backup_delete_after |
Specifies the number of days after creation that a recovery point is deleted. Must be at least 90 days greater than backup_cold_storage_after |
number |
180 |
no |
backup_schedule |
A CRON expression specifying when AWS Backup initiates a backup job |
string |
"cron(0 12 * * ? *)" |
no |
cardano_network |
The Cardano network to connect to (e.g. mainnet or testnet) |
string |
"mainnet" |
no |
cardano_node_image |
Container image to use for the node |
string |
"docker.io/inputoutput/cardano-node" |
no |
cardano_node_port |
The port to listen for communication on |
number |
3001 |
no |
cardano_node_version |
Version of cardano-node to run |
string |
"master" |
no |
cardano_topology_json |
JSON string to be used as topology config |
string |
"" |
no |
create_kms_key |
Set to false to use a separate KMS key |
bool |
true |
no |
create_route53_record |
Set to true to create an A record in Route 53 for the EC2 instance |
bool |
false |
no |
data_volume_size |
Size of data volume of the node |
number |
30 |
no |
ebs_optimized |
Whether the EC2 instance is EBS optimized |
bool |
true |
no |
enable_monitoring |
Whether to enable detailed monitoring for the node |
bool |
true |
no |
instance_type |
The type of instance to use for the node |
string |
"t3.large" |
no |
kms_key_arn |
The ARN of the KMS CMK to use for Encryption |
string |
"" |
no |
prometheus_ingress_cidrs |
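Comma-delimited list of CIDR blocks from which to allow Prometheus traffic. The default, 0.0.0.0/0, allows it from any IPv4 address; narrow it to the ranges of your monitoring hosts |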
string |
"0.0.0.0/0" |
no |
root_volume_size |
Size of root volume of the node |
number |
8 |
no |
route53_record_name |
Name of the record to create |
string |
"" |
no |
route53_zone_id |
ID of the Route 53 Zone to create record in |
string |
"" |
no |
subnet_id |
ID of Subnet to deploy node in |
string |
n/a |
yes |
tags |
Map of tags to apply to resources |
map(string) |
{} |
no |
vpc_id |
ID of VPC to deploy node in |
string |
n/a |
yes |