Blockchain CBSA – Objectives – Hyperledger Part 5

10. Deploy AWS with Hyperledger Fabric Part 2 (DEMO ONLY) No support & not on exam

Okay, we’re getting down to the point where we might be able to deploy our cloud formation stack soon. Now, we’re not done yet, so again, I said might because we still got some more work to do. Now what we want to do is we need to create basically a policy. What we need to do is add basically ECS and EC Two, S Three for Cloud Formation to do its work. Now for time purposes and complexity of the class. In reality, I’m not going to go through I am and how to do all these old details and policies. Again, that’s literally a three day class in a lot of cases with AWS to go through all this.

So what I did is I already created a policy and it’s called ECS Three. So that’s the one we’re going to be using. So just be aware. And this is EC. Two blockchain. And that’s the policy name. This gives us the air and we’re going to need as well. Again, it tells us other information that we want to know. But for the purposes, again, it’s sort of hard to get into roles, policies and everything. So what we want to do now is get this ready for us to actually do some work with hyperledger.

So let’s go ahead and move on to the next part. And now also one thing to point out too, is under Roles, we need to create a role. And what I did is and again, you have the instructions in the download if you want to go step by step by step. But for time purposes, I need to keep it under a certain amount of time. And we go into verifier role and we have the policy ECS Three that we just looked at tied to this role called EC Two Blockchain.

Now there is another 20 steps if you want to go through them. And the download document on how to create roles and policies and permissions leave that up to you to decide if you want to do or not. All right, so let’s go back to the dashboard here and let’s get started on deploying our okay, now what we want to do is go back to the cloud formation stack and get our blockchain template deployed.

Now what we want to do is we’re going to deploy our blockchain stack. Okay, now what we want to do is deploy our stack. I’m going to call this Blockchain Book Two because I had previously deployed Blockchain Book, so I’ll call it Number Two. I’m going to leave the default parameters the way it is. I just changed it to testnet said the default.

I selected our VPC that was just created and then I also selected the subnet as well. And then we want to make sure we select the proper key pair that we saved as well as created when we deployed the C Two instance. And we also need to make sure we have the proper security group. Now what we have to do is get the instance profile, ARN. What we want to do to get that is we have to go back to Im and go over to the summary of the role that we created.

Go over here and copy the role, ARN. Don’t copy the instance profile, Erin. That will get you nowhere. Let’s go ahead and copy that. Paste that in. And now we’re going to go ahead and leave the defaults the way it is. There’s no need to change that. And then you’ll see here that it has some Acknowledgments. We do need to acknowledge that cloud formation is going to do what it has to do. Basically, I’ll leave it at that. Now, cloud formation is again a subject in itself beyond the scope of the class. But remember, cloud formation, I told you earlier, is essentially an infrastructure as code solution for AWS. Now what I want to do is create the stack. Now this is going to go ahead and create the stack. It shows that it is basically status as creation and progress. We’ll go back to that once it’s done. This may take one to two or two minutes, maybe three. It depends.

It’s usually pretty quick, though. Okay, so it completed so you can see Create complete and we go down here. Now what we want to do is go to Outputs. Outputs is going to list our Explorer URL. Now when I select the URL, it’s going to bring up the Explorer. Now, if this doesn’t work, let’s say you get basically a Can Connect error. Chances are you don’t have port 80 80 enabled in your EC Two security group, for example, might be enabled in the VPC, but not in the EC Two instance that’s been deployed.

So check that. Okay, so now for the cool part, we go over here and we could see that we have some blocks added. Now block zero is our Genesis block. And then block one is the next block that’s created after. And then over here under the peer graph, you can see that we have our three different peers that were deployed. And when I go down here, you can see that I can expand them and move them around and view them. However, now there isn’t much activity going on because we haven’t initiated an activity.

This is just basically kicking off our blockchain, getting the Genesis block created. And then this is our two organizations. Now if we go over here, this is our dashboard here. Now our network, you can see that we have our URL requests right there. Blocks are listed here. And again, information that might be helpful. And our transactions that occurred. Now we don’t have any contracts loaded, so that’s not going to show that. All right, so that is how you simply deploy Hyperledger Fabric Template, blockchain template that is on AWS. And as part of that, it deploys the Hyperledger Explorer. So that concludes this demo. Let’s go ahead and move on.

11. Deploy AWS with Hyperledger Fabric Part 3 (DEMO ONLY) No support & not on exam

Now what we want to do is add our protocols for web traffic, which is going to be Http and Https. Now port 80 is fine. We’re going to go ahead and leave this as the default. I’m going to add another rule. I’m going to go over here, put in Https and actually select Https and there we go. Those are the two ports that we need to have open to access, for example, web traffic to that VPC, but also any VMs inside of the EC Two instance that we’re running as well in the VPC. Okay? Now the source, we can customize this. We could add a description if we want. We don’t need to make this harder than we need. I’m just going to go ahead and go save the rules.

So I’m going to go ahead and close that. I’m going to double check that our inbound rules looks like the way we want it. You can see that we have our source and if we go over here, this explains the cedar notations as well and the address range as well. So I’m going to go outbound. Now for the outbound, what we want to do is just validate that all traffic is able to leave the EC Two instance out to the Internet in this case. Now in reality, of course, you’re probably not going to want to configure this for your corporate network exactly like this. So it’s up to you to determine your security posture. But for development purposes, this is perfectly reasonable. And now what we want to do is go back to the VPC interface. And now what we want to do is launch an EC Two instance. Now before we launch the EC Two instance, we’re going to need to look out a few things here. Now when we launch an EC Two instance, we’re going to want to configure a few things.

We’re going to of course, want to configure our subnet information. We of course, need to discuss our AMI. We’re going to use we also need to understand the interface. We need to have an elastic IP. Now again, there’s more to this than what we could cover in a short class that’s focused on hyperledger, not AWS. So what I like to do is walk you through how to launch an EC Two instance. When we select launch EC Two, one of the things that comes up is you’ll see over here that it says Free Tier Eligible. Now we can of course launch this on a free tier, but for those folks that are not familiar with Amazon, basically an image in Amazon is called an AMI. This is basically our VM image that’s going to be deployed to get our virtual machine up and running. And we could choose from different operating systems and different configs as well. So before we get started, when we consider deploying EC Two, we need to consider a few things. And with the blockchain template there’s also a few things we want to consider. So the first thing is can we deploy this with free tier or not? And also can we deploy this with Amazon Linux or can we deploy this with Dubonti Susay or Red Hat, et cetera.

And the answer is it depends. And the reason it depends is it really depends on what your requirements are. Is it for development or is it for production? In this case for test development and training we could just go ahead and select a free tier eligible AMI and it will be just fine. It would meet the requirements. There’s no issues of that. So what I’m going to do is I’m going to select the first AMI and as part of this I could use the T two micro. Once again, if this is for serious development or production you probably don’t want to use the micro. I generally like to use the general purpose just because if I’m trying to run the Explorer or if I’m trying to run a transaction there’s that chance that latency could come up. So the T two small generally I’ve not had issues with, but in your case T Two micro could be just fine. So if you don’t want to get out of the free tier this will work just fine. Especially if you just want to play around and take a look and see how it works after. Okay, so I’m going to go ahead and leave it as that. I’m going to go to configure the instance.

What I want to do now is I have to select the number of instances. In this case I only need one instance. I’m not going to create an auto scaling group. Now an auto scaling group is basically a group of VMs that are going to be deployed together that will have the same configuration and we’ll adjust to the workload and it’s a little bit more than that but I’ll leave it up to you to determine what you want to do now. Spot instances probably not something you want to do now. A spot instance is going to be a lower cost instance that can be terminated at any time basically. So you usually don’t want to do that. What I want to do now is I’m going to select the network that I created in the V PC and you can see that it pulled up the VPC subnet as well. As part of that I’m going to basically use a subnet setting. I want to enable that as well in this case.

But again, if you want to have a deployment that’s going to last and be permanent or just use for testing for a few months, you probably want to talk to your security group, your AWS gurus, and figure out what is the proper config in your case. And I’m just going to go and skip over the rest. But I don’t really need to worry about any of this right now. I’m going to actually create a role. I already had some there, but in this case I’m going to skip over that. We’re going to go do that after and affiliate the EC Two with the role. I’m going to go to Review and Launch, and it says that my configuration is not available for free tier usage, which again is just a warning saying that you’re going to pay for this.

I’m going to go to launch now. Okay, now here is something we want to pay attention to. We need to create a key pair. Now, I already have some key pairs, but I’m going to create a new one. I’m going to call this hyperledger demo KP. Going to download the key pair. Now, the key pair is going to be a Pimp file. And what I want to do here is make sure that I save this somewhere that I can get to it. Let me just leave it on my desktop just because I need to go back to that later. Okay? And then I’m going to go ahead and launch the instance. Now, the reason I need to have a Pimp file is I’m going to want to be able to SSH into that and access that and you need to have that key file to be able to do that. All right, so the instance is launching and what we want to do is go back over here to the EC Two instance, to the EC Two dashboard and you’ll see that this will come up as one running eventually.

It may take a minute, so we’ll come back to that when it is ready. Okay, now that we have our instance running, what we want to do now is go over here and just validate the status. Okay, that looks like we’re up and running. That’s great. Now what we want to do is go down here and select Elastic IP. We’re going to want to provision an Elastic IP. This is going to allow basically this instance to be accessed from the Internet, but also to access the Internet. It’s basically a publicly available IP and we want it to be static as well. So I have two elastic IPS. There already. So what I want to do, just for the sake of sanity and make sure I don’t overlap anything, let me go ahead and release those IPS just to be safe. It’s pretty easy to get confused as well. So I’m just going to go back here, go to Actions, release the IP address. Okay, so now what I want to do, and especially if this is your first time doing this, this is what you’ll see. So allocate a new address. Now I have two options. I’m going to go with the Amazon pool because first of all, I don’t have any owned by me.

And second, if I select this, you’ll see that I’ll need a custom pool. I didn’t set anything up in this case here. Amazon pool is good. It’s going to give me a brand new IP, and that’s the one we’re going to be using for the Elastic IP for that EC Two instance. Now that we have our IP, we now have to worry about key pairs. So basically we saved our key pair and we need to have the key pair for SSH access. So what I want to do is go back to the ECT dashboard and you can see that I have key pairs there. So when I select key pairs, I’m going to go and select the key pair that I had just saved, which is this one here. Now remember, down here you can see that there’s a Hyper ledger demo and it’s hard to see the pen file. That’s the key pair that I had created earlier. That’s what I’m going to use now in case you haven’t created a key pair, just go up here to create a keep here.

Put in a name and it’ll go ahead and create that keep here for you. It’s very straightforward, to be honest. Okay, so we have our keypo ready to go. Create your own in the demo guide, I think it’s called Blockchain Book. Whatever I named it, feel free to name it whatever makes sense in your case for the demo purposes, that’s the one I’m going to use right here. Now we now have our EC two instance up and running. We have our key file ready to go. We now have to allow access. And also too, we have our Elastic IP as well. And now what we have to do is I need to create another security group. And this security group is going to allow access for TCP. So we need to allow access to get into the VM, for example, like port 22. So let’s go ahead and go up to the dashboard again. And what we want to do is go down actually to network insecurity, select security groups. Okay, so we had created one already called Hyperledger. Actually, this was the one I created for this one is Demo Sghp Fabric. And now what I need to do, and you can see there, this is for the demo class.

Now what I want to do now is I have to create another security group. So to do that is, again, fairly straightforward. We already did it, so let’s go create a security group. And I’m going to call this basically in this case, and again, if we go back here, I think I had again follow what I gave you. But for me, I’m just going off filter because I did have a couple of demos. I created one, so actually I’m going to call this a blockchain class. And this is the security group for inbound connections. Let’s say now we have to create an inbound rule. And I’m going to go ahead and add a couple of rules in here. So the first thing I’m going to want to add is go up and type in SSH that’ll add port 22 and then if I wanted to have a custom range I could or I could say anywhere or my IP.

Now what’s nice about my IP is that it’ll pick up the IP address that you’re using in Amazon web services already. So that’ll be the address that I’m currently using. Or you could just say anywhere if you want as well. That’s your call. So for the purposes of this exercise, I’m going to just leave it anywhere just in case because most providers do use DHCP and I don’t want to have any issues playing around. So I’ll just leave it open and then what I typically do is I just shut it off immediately. So that’s one rule. Let’s go ahead and add another rule. Now let’s say for example, I want to have monitoring, and if I want to have monitoring, I need to of course add whatever protocols for monitoring. In this case here, I’m going to say custom protocol. I’m going to put in Http and I’m going to actually say 80 80. So for example, if you wanted to use on prem Stackdriver or something, you could do that cloud Watch, it’s up to you. Once again, it’s your call on what you want to do and that is the inbound rule.

Now let’s go to outbound and you could just validate that the traffic says all traffic. Now remember, the first security group was for the virtual private cloud. The second security group here is for the EC two instance itself. So as I had stated earlier, there’s a lot of little details to get right before we could deploy anything. Okay? So let’s go create and that has just created that VPC.

So let’s just double check our inbound rules, okay? And outbound should be all traffic. That looks good. And I also want to just clarify here as well that the inbound is correct there and outbound as well, just in case, okay? So that’s really the main thing we want to know for security groups. Okay? So we have some more work to do. We’re not done yet. What we want to do now is we need to set an Im policy. So let’s go over to Im and if we type in I Am, we’ll go over to Identity and Access Management.