|
17 | 17 | 3. You will need access to a fully-synced Ethereum RPC endpoint before running Juno.
|
18 | 18 | 4. The Starknet node sends various monitoring metrics for both EC2 and Starknet nodes to Amazon CloudWatch.
|
19 | 19 |
|
| 20 | +## Additional Materials |
| 21 | + |
| 22 | +<details> |
| 23 | + |
| 24 | +<summary>Well-Architected Checklist</summary> |
| 25 | + |
| 26 | +This is the Well-Architected checklist for Stacks nodes implementation of the AWS Blockchain Node Runner app. This checklist takes into account questions from the [AWS Well-Architected Framework](https://aws.amazon.com/architecture/well-architected/) which are relevant to this workload. Please feel free to add more checks from the framework if required for your workload. |
| 27 | + |
| 28 | +| Pillar | Control | Question/Check | Remarks | |
| 29 | +|:------------------------|:----------------------------------|:---------------------------------------------------------------------------------|:-----------------| |
| 30 | +| Security | Network protection | Are there unnecessary open ports in security groups? | There are no ports open to public. RPC port 6060 is open only IP addresses from the same VPC. | |
| 31 | +| | | Traffic inspection | AWS WAF could be implemented for traffic inspection. Additional charges will apply. | |
| 32 | +| | Compute protection | Reduce attack surface | This solution uses Ubuntu Server 20.04 AMI. You may choose to run hardening scripts on it. | |
| 33 | +| | | Enable people to perform actions at a distance | This solution uses AWS Systems Manager for terminal session, not ssh ports. | |
| 34 | +| | Data protection at rest | Use encrypted Amazon Elastic Block Store (Amazon EBS) volumes | This solution uses encrypted Amazon EBS volumes. | |
| 35 | +| | | Use encrypted Amazon Simple Storage Service (Amazon S3) buckets | This solution uses Amazon S3 managed keys (SSE-S3) encryption. | |
| 36 | +| | Data protection in transit | Use TLS | TLS is not used in this solution. Port 6060 is the only open port, but you may create HTTPS listener with self signed certificate if TLS is desired. | |
| 37 | +| | Authorization and access control | Use instance profile with Amazon Elastic Compute Cloud (Amazon EC2) instances | This solution uses AWS Identity and Access Management (AWS IAM) role instead of IAM user. | |
| 38 | +| | | Following principle of least privilege access | In all node types, root user is not used (using special user "ubuntu" instead). | |
| 39 | +| | Application security | Security focused development practices | cdk-nag is being used with appropriate suppressions. | |
| 40 | +| Cost optimization | Service selection | Use cost effective resources | 1. AMD-based instances are used for Consensus and RPC node to save the costs. Consider compiling Graviton-based binaries to improve costs for compute.<br/>2. Cost-effective EBS gp3 are preferred instead of io2. | |
| 41 | +| | Cost awareness | Estimate costs | Single RPC node with `m6a.2xlarge` EBS gp3 volume about 600 GB with On-Demand pricing will cost around US$323.29 per month in the US East (N. Virginia) region not including network requests for follower nodes. More analysis needed. | |
| 42 | +| Reliability | Resiliency implementation | Withstand component failures | This solution ues only for a single-node deployment. If the running node failed, you will need to undeploy the existing stack and re-deploy the node again. | |
| 43 | +| | Data backup | How is data backed up? | Considering blockchain data is replicated by nodes automatically and Starknet nodes sync from start within an hour and a half, we don't use any additional mechanisms to backup the data. | |
| 44 | +| | Resource monitoring | How are workload resources monitored? | Resources are being monitored using Amazon CloudWatch dashboards. Amazon CloudWatch custom metrics are being pushed via CloudWatch Agent. | |
| 45 | +| Performance efficiency | Compute selection | How is compute solution selected? | Compute solution is selected based on best price-performance, i.e. AWS AMD-based Amazon EC2 instances. | |
| 46 | +| | Storage selection | How is storage solution selected? | Storage solution is selected based on best price-performance, i.e. gp3 Amazon EBS volumes with optimal IOPS and throughput. | |
| 47 | +| | Architecture selection | How is the best performance architecture selected? | We used a combination of recommendations from the Starknet community. | |
| 48 | +| Operational excellence | Workload health | How is health of workload determined? | We rely on metrics reported to CloudWatch by `/opt/syncchecker.sh` script. | |
| 49 | +| Sustainability | Hardware & services | Select most efficient hardware for your workload | The solution uses AMD-powered instances. There is a potential to use AWS Graviton-based Amazon EC2 instances which offer the best performance per watt of energy use in Amazon EC2. | |
| 50 | +</details> |
20 | 51 |
|
21 |
| -## Hardware Requirements |
| 52 | +### Hardware Requirements |
22 | 53 |
|
23 | 54 | **Minimum for Starknet node**
|
24 | 55 |
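Review bot: The intro sentence of the added checklist (new line 26) says it is for "Stacks nodes", while the surrounding README and the Data backup and Architecture selection rows refer to Starknet, so the text looks carried over from another blueprint. Change it to Starknet and re-check each Security remark against this stack, in particular the port 6060 statement in the Network protection row and the TLS row, which leaves that port unencrypted. In the same hunk, the Network protection remark reads "open only IP addresses" (missing "to"), the Reliability remark has "ues", and the least-privilege row treats using the "ubuntu" user as equivalent to not using root without saying whether that account has sudo rights. Changing "## Hardware Requirements" to "###" also nests it under "## Additional Materials"; if that is not intended, keep it at "##".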
|
|
28 | 59 | **Recommended for Starknet node**
|
29 | 60 |
|
30 | 61 | - Instance type [m6a.2xlarge](https://aws.amazon.com/ec2/instance-types/m6a/).
|
31 |
| -- 250GB EBS gp3 storage with at least 3000 IOPS.` |
32 |
| - |
33 |
| -</details> |
| 62 | +- 600GB EBS gp3 storage with at least 3000 IOPS to store and upzip snapshots. |
34 | 63 |
|
35 | 64 | ## Setup Instructions
|
36 | 65 |
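Review bot: New line 62 has a typo, "upzip" should be "unzip". The 600GB figure agrees with the "about 600 GB" used in the Cost awareness row of the checklist; the storage line of the Minimum section is not shown in this diff, so confirm it still holds if snapshots have to be stored and extracted on a minimum-sized node as well.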
|
|