using singlenodeconstruct

Author: Madisonw

lib/allora/allora.ts

@@ -2,8 +2,25 @@
 import 'dotenv/config';
 import 'source-map-support/register';
 import * as cdk from 'aws-cdk-lib';
+import * as ec2 from "aws-cdk-lib/aws-ec2";
+import * as constants from "../constructs/constants";
 import { AlloraStack } from './lib/allora-stack';
 
+const parseDataVolumeType = (dataVolumeType: string) => {
+  switch (dataVolumeType) {
+      case "gp3":
+          return ec2.EbsDeviceVolumeType.GP3;
+      case "io2":
+          return ec2.EbsDeviceVolumeType.IO2;
+      case "io1":
+          return ec2.EbsDeviceVolumeType.IO1;
+      case "instance-store":
+          return constants.InstanceStoreageDeviceVolumeType;
+      default:
+          return ec2.EbsDeviceVolumeType.GP3;
+  }
+};
+
 const app = new cdk.App();
 new AlloraStack(app, 'allora-single-node', {
   stackName: 'allora-single-node',
@@ -16,5 +33,11 @@ new AlloraStack(app, 'allora-single-node', {
   vpcMaxAzs: Number(process.env.AWS_VPC_MAX_AZS || 1),
   vpcNatGateways:  Number(process.env.AWS_VPC_NAT_GATEWAYS || 0),
   vpcSubnetCidrMask: Number(process.env.AWS_VPC_CIDR_MASK),
-  resourceNamePrefix: process.env.AWS_RESOURCE_NAME_PREFIX || 'AlloraWorkerx'
+  resourceNamePrefix: process.env.AWS_RESOURCE_NAME_PREFIX || 'AlloraWorkerx',
+  dataVolume: {
+    sizeGiB: process.env.EDGE_DATA_VOL_SIZE ? parseInt(process.env.EDGE_DATA_VOL_SIZE) : 256,
+    type: parseDataVolumeType(process.env.EDGE_DATA_VOL_TYPE?.toLowerCase() ? process.env.EDGE_DATA_VOL_TYPE?.toLowerCase() : "gp3"),
+    iops: process.env.EDGE_DATA_VOL_IOPS ? parseInt(process.env.EDGE_DATA_VOL_IOPS) : 10000,
+    throughput: process.env.EDGE_DATA_VOL_THROUGHPUT ? parseInt(process.env.EDGE_DATA_VOL_THROUGHPUT) : 700
+  }
 });

lib/allora/lib/allora-stack.ts

@@ -3,9 +3,12 @@ import { Construct } from 'constructs';
 import * as ec2 from 'aws-cdk-lib/aws-ec2';
 import * as s3 from 'aws-cdk-lib/aws-s3';
 import * as s3deploy from 'aws-cdk-lib/aws-s3-deployment';
+import { SingleNodeConstruct, SingleNodeConstructCustomProps } from "../../constructs/single-node"
 import * as fs from 'fs';
 import * as path from 'path';
-// import * as sqs from 'aws-cdk-lib/aws-sqs';
+import * as nag from "cdk-nag";
+import * as iam from "aws-cdk-lib/aws-iam";
+import * as configTypes from "../../constructs/config.interface";
 
 
 export interface AlloraStackProps extends cdk.StackProps {
@@ -15,6 +18,7 @@ export interface AlloraStackProps extends cdk.StackProps {
   vpcNatGateways: number
   vpcSubnetCidrMask: number;
   resourceNamePrefix: string;
+  dataVolume: configTypes.DataVolumeConfig;
 }
 
 
@@ -27,6 +31,7 @@ export class AlloraStack extends cdk.Stack {
     const amiId = props?.amiId || 'ami-04b70fa74e45c3917';
     const instanceType = props?.instanceType || 't2.medium';
     const resourceNamePrefix = props?.resourceNamePrefix || 'AlloraWorkerx';
+    const dataVolume = props?.dataVolume;
 
 
 
@@ -74,31 +79,80 @@ export class AlloraStack extends cdk.Stack {
     const ec2UserData = ec2.UserData.forLinux();
     ec2UserData.addCommands(modifiedUserData);
 
-    // EC2 Instance
-    const instance = new ec2.Instance(this, `${resourceNamePrefix}Instance`, {
-      vpc,
+    // Getting the snapshot bucket name and IAM role ARN from the common stack
+    const importedInstanceRoleArn = cdk.Fn.importValue("EdgeNodeInstanceRoleArn");
+
+    const instanceRole = iam.Role.fromRoleArn(this, "iam-role", importedInstanceRoleArn);
+
+    // Making sure our instance will be able to read the assets
+    bucket.grantRead(instanceRole);
+
+
+    // Define SingleNodeConstructCustomProps
+    const singleNodeProps: SingleNodeConstructCustomProps = {
+      instanceName: `${resourceNamePrefix}Instance`,
       instanceType: new ec2.InstanceType(instanceType),
-      machineImage: ec2.MachineImage.genericLinux({
-        [region]: amiId,
-      }),
-      vpcSubnets: {
-        subnetType: ec2.SubnetType.PUBLIC,
-      },
+      dataVolumes: dataVolume ? [ dataVolume ] : [], // Define your data volumes here
+      machineImage: ec2.MachineImage.genericLinux({ [region]: amiId }),
+      role: instanceRole,
+      vpc: vpc,
+      rootDataVolumeDeviceName: '/dev/sda1',
       securityGroup: securityGroup,
-      blockDevices: [{
-        deviceName: '/dev/sda1',
-        volume: ec2.BlockDeviceVolume.ebs(30, {
-          volumeType: ec2.EbsDeviceVolumeType.GP3,
-        }),
-      }],
-      userData: ec2UserData
-    });
+      availabilityZone: vpc.selectSubnets({ subnetType: ec2.SubnetType.PUBLIC }).availabilityZones[0],
+      vpcSubnets: { subnetType: ec2.SubnetType.PUBLIC },
+    };
+
+    // Instantiate SingleNodeConstruct
+    const singleNode = new SingleNodeConstruct(this, `${resourceNamePrefix}SingleNode`, singleNodeProps);
+
+    const instance = singleNode.instance;
+
+    instance.addUserData(ec2UserData)
 
     // Elastic IP
     const eip = new ec2.CfnEIP(this, `${resourceNamePrefix}EIP`);
     new ec2.CfnEIPAssociation(this, `${resourceNamePrefix}EIPAssociation`, {
       eip: eip.ref,
       instanceId: instance.instanceId,
     });
+
+    nag.NagSuppressions.addResourceSuppressions(
+      this,
+      [
+          {
+              id: "AwsSolutions-EC23",
+              reason: "Inbound access from any IP is required for this application.",
+          },
+          {
+              id: "AwsSolutions-IAM4",
+              reason: "This IAM role requires broad permissions to function correctly.",
+          },
+          {
+              id: "AwsSolutions-IAM5",
+              reason: "Full access is needed for administrative tasks.",
+          },
+          {
+              id: "AwsSolutions-S1",
+              reason: "Server-side encryption is not required for this bucket.",
+          },
+          {
+              id: "AwsSolutions-EC2",
+              reason: "Unrestricted access is required for the instance to operate correctly.",
+          },
+          {
+              id: "AwsSolutions-AS3",
+              reason: "No notifications needed for this specific application.",
+          },
+          {
+              id: "AwsSolutions-S2",
+              reason: "Access logging is not necessary for this bucket.",
+          },
+          {
+              id: "AwsSolutions-S10",
+              reason: "HTTPS requirement is not needed for this bucket.",
+          },
+      ],
+      true
+  );
   }
 }

lib/allora/sample-configs/.env-sample-full

@@ -1,9 +1,14 @@
-AWS_RESOURCE_NAME_PREFIX="AlloraWorkerx"
 AWS_ACCOUNT_ID="xxxxxxxxxxx"
+AWS_RESOURCE_NAME_PREFIX="AlloraWorkerx"
 AWS_REGION="us-east-1"
 AWS_AMI_ID="ami-04b70fa74e45c3917"
 AWS_INSTANCE_TYPE="t2.medium"
 AWS_VPC_MAX_AZS="1"
 AWS_VPC_NAT_GATEWAYS="0"
 AWS_VPC_CIDR_MASK="24"
 
+# Data volume configuration
+EDGE_DATA_VOL_TYPE="gp3"                                                          # Other options: "io1" | "io2" | "gp3" | "instance-store" . IMPORTANT: "instance-store" NOT recommended as it is ephermal and will be reset after stopping the instance. Use "instance-store" option only with instance types that support that feature, like popular for node g4dn, d3, i3en, and i4i instance families
+EDGE_DATA_VOL_SIZE="256"                                                           # Current required data size to keep both snapshot archive and unarchived version of it (not applicable for "instance-store")
+EDGE_DATA_VOL_IOPS="3000"                                                        # Max IOPS for EBS volumes (not applicable for "instance-store")
+EDGE_DATA_VOL_THROUGHPUT="125"                                                    # Max throughput for EBS gp3 volumes (not applicable for "io1" | "io2" | "instance-store")

lib/allora/test/.env-test

@@ -7,3 +7,9 @@ AWS_VPC_MAX_AZS="1"
 AWS_VPC_NAT_GATEWAYS="0"
 AWS_VPC_CIDR_MASK="24"
 
+
+# Data volume configuration
+EDGE_DATA_VOL_TYPE="gp3"                                                          # Other options: "io1" | "io2" | "gp3" | "instance-store" . IMPORTANT: "instance-store" NOT recommended as it is ephermal and will be reset after stopping the instance. Use "instance-store" option only with instance types that support that feature, like popular for node g4dn, d3, i3en, and i4i instance families
+EDGE_DATA_VOL_SIZE="256"                                                           # Current required data size to keep both snapshot archive and unarchived version of it (not applicable for "instance-store")
+EDGE_DATA_VOL_IOPS="3000"                                                        # Max IOPS for EBS volumes (not applicable for "instance-store")
+EDGE_DATA_VOL_THROUGHPUT="125"                                                    # Max throughput for EBS gp3 volumes (not applicable for "io1" | "io2" | "instance-store")

lib/allora/tsconfig.json

@@ -22,7 +22,7 @@
     "experimentalDecorators": true,
     "strictPropertyInitialization": false,
     "typeRoots": [
-      "./node_modules/@types"
+      "../../node_modules/@types"
     ]
   },
   "exclude": [