diff --git a/lib/bitcoin-core/README.md b/lib/bitcoin-core/README.md new file mode 100644 index 00000000..2787e188 --- /dev/null +++ b/lib/bitcoin-core/README.md @@ -0,0 +1,439 @@ +## Sample AWS Blockchain Node Runner app for Bitcoin Nodes + +| Contributed by | +|:--------------------------------:| +| [Simon Goldberg](https://github.com/racket2000)| + +### Overview + +This guide walks you through deploying a Bitcoin Core mainnet node in a **Virtual Private Cloud (VPC)** using **Docker**, leveraging **AWS Secrets Manager** for secure credential handling. This configuration ensures robust security and performance while optimizing data transfer costs. + +--- + +## Well-Architected + +
+Review pros and cons of this solution. + +### Well-Architected Checklist + +This is the Well-Architected checklist for **Bitcoin Core node implementation** of the AWS Blockchain Node Runner app. This checklist takes into account questions from the [AWS Well-Architected Framework](https://aws.amazon.com/architecture/well-architected/) which are relevant to this workload. Please feel free to add more checks from the framework if required for your workload. + +| Pillar | Control | Question/Check | Remarks | +|:------------------------|:----------------------------------|:---------------------------------------------------------------------------------|:-----------------| +| Security | Network protection | Are there unnecessary open ports in security groups? | Port 8332 (RPC) is restricted to the VPC. | +| | | Traffic inspection | Optional: VPC Flow Logs or traffic mirroring can be enabled for deeper inspection. | +| | Compute protection | Reduce attack surface | This solution uses Amazon Linux 2 AMI. No SSH access is enabled; SSM is used. | +| | | Enable people to perform actions at a distance | This solution uses AWS Systems Manager Session Manager. | +| | Data protection at rest | Use encrypted Amazon Elastic Block Store (Amazon EBS) volumes | Encrypted Amazon EBS volumes are used. | +| | Data protection in transit | Use TLS | The AWS Application Load balancer currently uses HTTP listener. Create HTTPS listener with self signed certificate if TLS is desired. | +| | Authorization and access control | Use instance profile with Amazon Elastic Compute Cloud (Amazon EC2) instances | AWS IAM role is attached to the EC2 instance. | +| | | Following principle of least privilege access | IAM privileges are scoped down to what is necessary. | +| | Application security | Security focused development practices | `cdk-nag` is used with appropriate suppressions. | +| Cost optimization | Service selection | Use cost effective resources | Cost efficient T3 instances provide a baseline level of CPU performance with the ability to burst CPU usage at any time for as long as required. T3 instances are designed for applications with moderate CPU usage that experience temporary spikes in use. | +| Reliability | Resiliency implementation | Withstand component failures | Single node deployment. Can be extended with backup nodes and monitoring. | +| | Resource monitoring | How are workload resources monitored? | Amazon CloudWatch Dashboards track CPU, memory, disk, network, and block height. | +| Performance efficiency | Compute selection | How is compute solution selected? | Compute solution is selected based on performance needs and budget. | +| | Storage selection | How is storage solution selected? | EBS volumes (e.g. gp3 or io2) are selected for consistent throughput and IOPS. | +| Operational excellence | Workload health | How is health of workload determined? | Health is tracked using CloudWatch custom metrics including block height. | +| Sustainability | Hardware & services | Select most efficient hardware for your workload | T3A instances offer efficient memory utilization, reducing power and cost. | + +
+ +### Getting Started + +#### Open AWS CloudShell + +To begin, ensure you login to your AWS account with permissions to create and modify resources in IAM, EC2, EBS, VPC, S3, KMS, and Secrets Manager. + +From the AWS Management Console, open the [AWS CloudShell](https://docs.aws.amazon.com/cloudshell/latest/userguide/welcome.html), a web-based shell environment. If unfamiliar, review the [2-minute YouTube video](https://youtu.be/fz4rbjRaiQM) for an overview and check out [CloudShell with VPC environment](https://docs.aws.amazon.com/cloudshell/latest/userguide/creating-vpc-environment.html) that we'll use to test nodes API from internal IP address space. + +Once ready, you can run the commands to deploy and test blueprints in the CloudShell. + +#### Cloning the Repository + +First, clone the repository and install the dependencies: + +``` +git clone https://github.com/aws-samples/aws-blockchain-node-runners.git +cd aws-blockchain-node-runners +npm install +``` + +Before proceeding, ensure you have the AWS CLI installed and configured. + +### Configuration + +1. Make sure you are in the root directory of the cloned repository. + +2. If you have deleted or don't have the default VPC, create default VPC + +``` +aws ec2 create-default-vpc +``` +> **NOTE:** *You may see the following error if the default VPC already exists: `An error occurred (DefaultVpcAlreadyExists) when calling the CreateDefaultVpc operation: A Default VPC already exists for this account in this region.`. That means you can just continue with the following steps.* + +3. Create your own copy of `.env` file and edit it to update with your AWS Account ID and Region: + +```bash +cd lib/bitcoin-core +cp ./sample-configs/.env-sample-bitcoin-mainnet .env +vim .env +``` + +4. Deploy common components such as IAM role: + +```bash +npx cdk deploy BitcoinCommonStack +``` + +### Generating RPC Authentication + +To interact with the Bitcoin Core RPC endpoint within your isolated VPC environment, run the following command before deploying the Bitcoin Node via CDK: + +``` +# Make sure you are in aws-blockchain-node-runners/lib/bitcoin-core +node generateRPCAuth.js +``` + +For a deeper dive and an overview of credential rotation, see [RPC Authentication -- Deep Dive](#rpc-authentication----deep-dive). + + +### Deploying the Node + +To deploy a single node setup, use the following command: + +``` +npx cdk deploy SingleNodeBitcoinCoreStack --outputs-file single-node-outputs.json +``` + +For High Availability (HA) node deployment, use: + +``` +npx cdk deploy HABitcoinCoreNodeStack --outputs-file ha-nodes-outputs.json +``` + +### Deployment Architectures for Bitcoin Nodes + +#### Single Node Setup +![Single Node Deployment](./doc/assets/Bitcoin-Single-Node-Arch.png) + +- A **Bitcoin node** deployed in a **public subnet** continuously synchronizes with the Bitcoin network. +- Outbound peer-to-peer (P2P) communication flows through an **Internet Gateway (IGW)**. +- The node's security group permits incoming P2P connections on port 8333. +- The node's RPC methods can be accessed from within the VPC. +- The Bitcoin node sends various monitoring metrics to Amazon CloudWatch. + +#### High Availability (HA) Setup +![HA Node Deployment](./doc/assets/Bitcoin-HA-Nodes-Arch.png) + +- Deploying **multiple Bitcoin nodes** in an **Auto Scaling Group** enhances fault tolerance and availability. +- The nodes' RPC endpoints are exposed through an **Application Load Balancer (ALB)**. The ALB implements session persistence using a "stickiness cookie". This ensures that subsequent requests from the same client are consistently routed to the same node, maintaining session continuity. The stickiness duration is set to 90 minutes but can be configured for up to 7 days. Note: The Bitcoin Core nodes in the HA setup do not share state (e.g., wallet, mempool) +- HA nodes do not expose the RPC endpoint to the public internet. This endpoint can be accessed from within the VPC. + +--- + +### Accessing and Using bitcoin-cli on a Bitcoin Core Instance + +To interact with your Bitcoin Core instance, you'll need to use AWS Systems Manager, as direct SSH access is not available. + +Bitcoin Core supports cookie-based authentication by default, so interacting with the `bitcoin-cli` from the node itself does not require credentials. + +From your CloudShell terminal, run the following command to connect to your node via Systems Manager: + +``` +export INSTANCE_ID=$(jq -r '.SingleNodeBitcoinCoreStack.BitcoinNodeInstanceId' single-node-outputs.json) +echo "INSTANCE_ID="$INSTANCE_ID +aws ssm start-session --target $INSTANCE_ID --region $AWS_REGION +``` + +**Note**: You can alternatively connect to your node via Systems Manager in the AWS Console with the following steps: + - Open the AWS Console and navigate to EC2 Instances. + - Locate and select the instance named `SingleNodeBitcoinCoreStack/BitcoinSingleNode`. + - Click the "Connect" button. + - Choose "Session Manager" from the connection options. + - Select "Connect" to establish a session. + +**Execute an RPC Call:** +Once connected, you can interact with the Bitcoin Core node using Docker commands. + +To test the RPC interface, use the following command: + +``` +sudo docker exec -it bitcoind bitcoin-cli getblockchaininfo +``` + + This command executes the `getblockchaininfo` RPC method, which returns current state information about the blockchain. + +**Interpreting Results:** + - The output will provide detailed information about the current state of the blockchain, including the current block height, difficulty, and other relevant data. + - You can use similar commands to execute other RPC methods supported by Bitcoin Core. + +--- +### Secure RPC Access with AWS Secrets Manager + +For a client to securely interact with the Bitcoin Core RPC endpoint from a subnet within your VPC environment, AWS Secrets Manager is leveraged for credential storage and retrieval. + +#### Retrieving Credentials +First, retrieve the RPC credentials from AWS Secrets Manager in your CloudShell tab: + +``` +export BTC_RPC_AUTH=$(aws secretsmanager get-secret-value --secret-id bitcoin_rpc_credentials --query SecretString --output text) +echo "BTC_RPC_AUTH=$BTC_RPC_AUTH" +``` + +#### Single node RPC Call using credentials +To make an RPC call to a single Bitcoin node, run the following command to retrieve the private IP address of your Bitcoin node: + +``` +export BITCOIN_NODE_IP=$(jq -r '.SingleNodeBitcoinCoreStack.BitcoinNodePrivateIP' single-node-outputs.json) +echo "BITCOIN_NODE_IP=$BITCOIN_NODE_IP" +``` +Copy output from the last `echo` command with `BITCOIN_NODE_IP=` and open [CloudShell tab with VPC environment](https://docs.aws.amazon.com/cloudshell/latest/userguide/creating-vpc-environment.html) to access internal IP address space. Paste `BITCOIN_NODE_IP=` into the new CloudShell tab. + +Additionally, copy the output from the first `echo` command with `BTC_RPC_AUTH=` into the CloudShell VPC environment. + +Then query the node: + +``` +curl --user "$BTC_RPC_AUTH" \ + --data-binary '{"jsonrpc": "1.0", "id": "curltest", "method": "getblockchaininfo", "params": []}' \ + -H 'content-type: text/plain;' http://$BITCOIN_NODE_IP:8332/ +``` + +#### High Availability (HA) RPC Call using credentials + +Use the following command from your CloudShell terminal to retrieve your load balancer's DNS name: + +``` +export LOAD_BALANCER_DNS=$(jq -r '.HABitcoinCoreNodeStack.LoadBalancerDNS' ha-nodes-outputs.json) +echo LOAD_BALANCER_DNS=$LOAD_BALANCER_DNS +``` +Copy output from the last `echo` command with `RPC_ABL_URL=` and open [CloudShell tab with VPC environment](https://docs.aws.amazon.com/cloudshell/latest/userguide/creating-vpc-environment.html) to access internal IP address space. Paste `RPC_ABL_URL=` into the new CloudShell tab. + +Note: Make sure that you pasted `BTC_RPC_AUTH=` into the CloudShell VPC environment as well. + + Execute the following command to make an RPC request to your HA node setup: + +``` +curl --user "$BTC_RPC_AUTH" \ + --data-binary '{"jsonrpc": "1.0", "id": "curltest", "method": "getblockchaininfo", "params": []}' \ + -H 'content-type: text/plain;' \ + $LOAD_BALANCER_DNS +``` + +--- + + +### **Bitcoin Core: Creating an Encrypted Wallet for Payments** + +This guide covers how to create an encrypted Bitcoin Core wallet specifically designed for receiving and managing payments in a secure and efficient way. + +Note: Make sure that you run the following commands after accessing the node via Systems Manager. + +--- + +#### **1. Create an Encrypted Payment Wallet** + +To create a wallet specifically for handling payments, use the following command: + +``` +sudo docker exec -it bitcoind bitcoin-cli createwallet "payments" false false "my_secure_passphrase" +``` + +- **payments:** The wallet name, indicating its purpose. +- **passphrase:** A secure, memorable phrase to protect your funds. + +##### **Why Encrypt?** +- Protects against unauthorized access. +- Ensures funds are safe even if the server is compromised. + +--- + +#### **2. Generate a Receiving Address** + +To receive payments, generate a new address. You do not need to unlock the wallet for this step: + +``` +sudo docker exec -it bitcoind bitcoin-cli -rpcwallet="payments" getnewaddress "customer1" "bech32" +``` + +- **customer1:** Label to identify payments from this customer. +- **bech32:** Generates a SegWit address for lower transaction fees. + +**Example Output:** +``` +bc1qxyzabc123... (Bech32 address) +``` + +--- + +#### **3. Monitor Incoming Payments** + +To check the balance and verify received payments: + +``` +sudo docker exec -it bitcoind bitcoin-cli -rpcwallet="payments" getbalance +``` + +- Displays the total balance held in the wallet. + +To view detailed transactions: + +``` +sudo docker exec -it bitcoind bitcoin-cli -rpcwallet="payments" listtransactions +``` + +--- + +#### **4. Sending Payments (Requires Unlocking)** + +When making a payout or transferring funds, you need to unlock the wallet: + +``` +sudo docker exec -it bitcoind bitcoin-cli -rpcwallet="payments" walletpassphrase "my_secure_passphrase" 600 +``` + +- Unlocks the wallet for **600 seconds (10 minutes)**. + +#### **Send Bitcoin to a specified address:** + +``` +sudo docker exec -it bitcoind bitcoin-cli -rpcwallet="payments" sendtoaddress "bc1qrecipientaddress" 0.01 "Payment for service" +``` + +- Sends **0.01 BTC** with an optional label for record-keeping. + + +#### **5. Lock the Wallet After Use** + +For enhanced security, immediately lock the wallet after transactions: + +``` +sudo docker exec -it bitcoind bitcoin-cli -rpcwallet="payments" walletlock +``` + + + +#### **6. Backup the Wallet** + +To protect your payment data, back up the encrypted wallet regularly: + +``` +sudo docker exec -it bitcoind bitcoin-cli -rpcwallet="payments" backupwallet "/path/to/backup/payments.dat" +``` + + +#### **Security Tips for Payment Wallets** +- Use strong passphrases and store them securely offline. +- Regularly backup your wallet after creating new addresses or receiving payments. +- Consider setting up automated wallet backups to ensure data integrity. + +--- +### RPC Authentication -- Deep Dive + +The `generateRPCAuth.js` script is responsible for generating secure authentication credentials for your Bitcoin node. This script creates a randomly generated **username** and **password** along with a **salt**. The password and salt are then combined and hashed using the **SHA256** algorithm to produce a secure **hash**. This hash is combined with the username to generate the final **rpcauth** parameter that is appended to the `bitcoin.conf` file. + +The final `rpcauth` line in `bitcoin.conf` looks like this: + +``` +rpcauth=user_258:c220c5f38690bf880f0dd177547e55f7$77c6ec2dd90e792d60450b01a84cc8c2563a7fb1d0fbd73de49be818fde4b407 +``` + +- The **rpcauth** part consists of a **username**, **salt**, and a **hashed password**, providing robust protection in the case that your `bitcoin.conf` is accessed by an unauthorized entity. +- The randomly generated **username** and **password** are securely stored in **AWS Secrets Manager**. + +By using this script, it ensures that your node has unique and secure credentials. + +### Rotating RPC Secrets + +To maintain security, rotate RPC credentials periodically using the `generateRPCAuth.js` script: + +``` +node generateRPCAuth.js +``` + +This will update the value of your credentials in Secrets Manager. + +**Replacing the Credentials and Restarting the Node to Apply Updates** + +- Replace the old `rpcauth` value from the `bitcoin.conf` file with the new one. Make sure that you change the placeholder value for `[new rpcauth string with escape char]` (this is printed to the terminal after running the `generateRPCAuth` script): + + ``` + sudo docker exec -it bitcoind sh -c "sed -i 's/^rpcauth=.*/rpcauth=[new rpcauth string with escape char]/' /root/.bitcoin/bitcoin.conf" + ``` +- Restart the Bitcoin node to apply changes: + ``` + sudo docker restart bitcoind + ``` + +#### Verifying the Credential Rotation + +Make an RPC call to ensure the new credentials are active: + +``` +curl --user "$BTC_RPC_AUTH" \ + --data-binary '{"jsonrpc": "1.0", "id": "curltest", "method": "getblockchaininfo", "params": []}' \ + -H 'content-type: text/plain;' http://:8332/ +``` + +--- + +### Monitoring and Troubleshooting + +Keep your node healthy by monitoring logs and configurations. + +These can be run after accessing the node via Systems Manager: + +``` +export INSTANCE_ID=$(jq -r '.SingleNodeBitcoinCoreStack.BitcoinNodeInstanceId' single-node-outputs.json) +echo "INSTANCE_ID="$INSTANCE_ID +aws ssm start-session --target $INSTANCE_ID --region $AWS_REGION +``` + +- Check recent Bitcoin logs: + ``` + sudo docker logs -f --tail 100 bitcoind + ``` + +- Check first 100 Bitcoin logs: + ``` + sudo docker logs bitcoind | head -n 100 + ``` + +- View the configuration file: + ``` + sudo docker exec -it bitcoind cat /root/.bitcoin/bitcoin.conf + ``` +- View user data logs: + ``` + sudo cat /var/log/cloud-init-output.log + ``` + + +--- + +### Additional Tips and Best Practices + +- Regularly rotate secrets and always remove old `rpcauth` entries before restarting the node. +- Use **CloudWatch** to monitor node performance and detect issues promptly. + +--- + +### Cleaning up +To destroy the single node and HA configurations, you can run the following commands: + +``` +#Delete Single Node Infra +cdk destroy SingleNodeBitcoinCoreStack + +#Delete HA Infra +cdk destroy HABitcoinCoreNodeStack +``` + + +--- + +### Conclusion + +Deploying and managing a Bitcoin node on AWS requires careful configuration to ensure security, cost efficiency, and high availability. By following the best practices outlined in this guide, you can maintain a robust and secure node while minimizing costs. Stay proactive with monitoring and regularly update credentials to keep your node running smoothly. diff --git a/lib/bitcoin-core/app.js b/lib/bitcoin-core/app.js new file mode 100644 index 00000000..f94074fb --- /dev/null +++ b/lib/bitcoin-core/app.js @@ -0,0 +1,28 @@ +#!/usr/bin/env node +require('dotenv').config(); // Load .env first +const cdk = require('aws-cdk-lib'); +const { Aspects } = require('aws-cdk-lib'); +const { AwsSolutionsChecks } = require('cdk-nag'); +const { BitcoinCommonStack } = require('./lib/common-infra'); +const { SingleNodeBitcoinCoreStack } = require('./lib/single-node-stack'); +const { HABitcoinCoreNodeStack } = require('./lib/ha-node-stack'); + +const app = new cdk.App(); + +Aspects.of(app).add(new AwsSolutionsChecks({ verbose: true })); + +const env = { + account: process.env.AWS_ACCOUNT_ID, + region: process.env.AWS_REGION, +}; + +const commonStack = new BitcoinCommonStack(app, 'BitcoinCommonStack', { env }); +new SingleNodeBitcoinCoreStack(app, 'SingleNodeBitcoinCoreStack', { + env, + instanceRole: commonStack.instanceRole, +}); + +new HABitcoinCoreNodeStack(app, 'HABitcoinCoreNodeStack', { + env, + instanceRole: commonStack.instanceRole, +}); diff --git a/lib/bitcoin-core/cdk.json b/lib/bitcoin-core/cdk.json new file mode 100644 index 00000000..694731ca --- /dev/null +++ b/lib/bitcoin-core/cdk.json @@ -0,0 +1,3 @@ +{ + "app": "node app.js" +} diff --git a/lib/bitcoin-core/doc/assets/Bitcoin-HA-Nodes-Arch.png b/lib/bitcoin-core/doc/assets/Bitcoin-HA-Nodes-Arch.png new file mode 100644 index 00000000..0aa8a7df Binary files /dev/null and b/lib/bitcoin-core/doc/assets/Bitcoin-HA-Nodes-Arch.png differ diff --git a/lib/bitcoin-core/doc/assets/Bitcoin-Single-Node-Arch.png b/lib/bitcoin-core/doc/assets/Bitcoin-Single-Node-Arch.png new file mode 100644 index 00000000..6c2f9d97 Binary files /dev/null and b/lib/bitcoin-core/doc/assets/Bitcoin-Single-Node-Arch.png differ diff --git a/lib/bitcoin-core/generateRPCAuth.js b/lib/bitcoin-core/generateRPCAuth.js new file mode 100644 index 00000000..c3d59f50 --- /dev/null +++ b/lib/bitcoin-core/generateRPCAuth.js @@ -0,0 +1,100 @@ +const crypto = require('crypto'); +const base64url = require('base64url'); +const fs = require('fs'); +const { SecretsManagerClient, CreateSecretCommand, PutSecretValueCommand } = require('@aws-sdk/client-secrets-manager'); + +// Set up AWS SDK client +const client = new SecretsManagerClient({ region: 'us-east-1' }); // Change region if needed + +// Create size byte hex salt +function genSalt(size = 16) { + const buffer = crypto.randomBytes(size); + return buffer.toString('hex'); +} + +// Create 32 byte b64 password +function genPass(size = 32) { + const buffer = crypto.randomBytes(size); + return base64url.fromBase64(buffer.toString('base64')); +} + +function genUser() { + return 'user_' + Math.round(Math.random() * 1000); +} + +function genHash(password, salt) { + const hash = crypto + .createHmac('sha256', salt) + .update(password) + .digest('hex'); + return hash; +} + +function genRpcAuth(username = genUser(), password = genPass(), salt = genSalt()) { + const hash = genHash(password, salt); + return { username, password, salt, hash }; +} + +function writeRpcAuthToConf(rpcauthStr) { + const confPath = 'lib/bitcoin.conf'; + try { + fs.writeFileSync(confPath, rpcauthStr + '\n', { flag: 'a' }); + console.log(`Successfully wrote to ${confPath}`); + } catch (error) { + console.error(`Error writing to ${confPath}:`, error); + } +} + +async function storeCredentialsInAWS(username, password) { + const secretName = 'bitcoin_rpc_credentials'; + const secretValue = `${username}:${password}`; + + try { + const createCommand = new CreateSecretCommand({ + Name: secretName, + SecretString: secretValue, + }); + await client.send(createCommand); + console.log(`Successfully stored credentials in AWS Secrets Manager: ${secretName}`); + } catch (error) { + if (error.name === 'ResourceExistsException') { + const updateCommand = new PutSecretValueCommand({ + SecretId: secretName, + SecretString: secretValue, + }); + await client.send(updateCommand); + console.log(`Successfully updated existing secret in AWS Secrets Manager: ${secretName}`); + } else { + console.error(`Error storing credentials in AWS Secrets Manager:`, error); + } + } +} + +async function genRpcAuthStr(username, password, salt) { + const rpcauth = genRpcAuth(username, password, salt); + const str = `rpcauth=${rpcauth.username}:${rpcauth.salt}$${rpcauth.hash}`; + const strEscapeCharacter = `${rpcauth.username}:${rpcauth.salt}\\$${rpcauth.hash}`; + console.log(`Username: ${rpcauth.username}`); + console.log("Password generated securely and stored in Secrets Manager"); + console.log(`rpcauth string with escape character: ${strEscapeCharacter}`); // Print the rpcauth string + + // Write to bitcoin.conf + writeRpcAuthToConf(str); + + // Store in AWS Secrets Manager + await storeCredentialsInAWS(rpcauth.username, rpcauth.password); + + return str; +} + +// Example usage +genRpcAuthStr(); + +module.exports = { + genSalt, + genPass, + genUser, + genHash, + genRpcAuth, + genRpcAuthStr, +}; diff --git a/lib/bitcoin-core/lib/assets/bitcoin-setup.sh b/lib/bitcoin-core/lib/assets/bitcoin-setup.sh new file mode 100755 index 00000000..fc0724b6 --- /dev/null +++ b/lib/bitcoin-core/lib/assets/bitcoin-setup.sh @@ -0,0 +1,8 @@ +#!/bin/bash +# This script is used to set up a mainnet Bitcoin Core node on an Amazon Linux 2 instance. +yum update -y +amazon-linux-extras install docker -y +service docker start +mkdir -p /home/bitcoin/.bitcoin +echo "${BITCOIN_CONF}" > /home/bitcoin/.bitcoin/bitcoin.conf +docker run -d --name bitcoind -v /home/bitcoin/.bitcoin:/root/.bitcoin -p 8333:8333 -p 8332:8332 bitcoin/bitcoin:latest bash -c "chown -R bitcoin:bitcoin /root/.bitcoin && bitcoind" diff --git a/lib/bitcoin-core/lib/assets/blockheight-cron.sh b/lib/bitcoin-core/lib/assets/blockheight-cron.sh new file mode 100755 index 00000000..fcc7f192 --- /dev/null +++ b/lib/bitcoin-core/lib/assets/blockheight-cron.sh @@ -0,0 +1,4 @@ +#!/bin/bash +# This script is used to set up a cron job to send the Bitcoin block height to Amazon CloudWatch every 5 minutes. +REGION=${AWS_REGION} +(crontab -l 2>/dev/null; echo "*/5 * * * * sudo /usr/bin/docker exec bitcoind bitcoin-cli getblockcount | xargs -I {} sudo /usr/bin/aws cloudwatch put-metric-data --metric-name BlockHeight --namespace Bitcoin --unit Count --value {} --region $REGION") | crontab - diff --git a/lib/bitcoin-core/lib/assets/cloudwatch-setup.sh b/lib/bitcoin-core/lib/assets/cloudwatch-setup.sh new file mode 100755 index 00000000..831788bb --- /dev/null +++ b/lib/bitcoin-core/lib/assets/cloudwatch-setup.sh @@ -0,0 +1,30 @@ +#!/bin/bash +# This script is used to set up the Amazon CloudWatch agent on an Amazon Linux 2 instance. + +yum install -y amazon-cloudwatch-agent +mkdir -p /opt/aws/amazon-cloudwatch-agent/etc +cat < /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json +{ + "metrics": { + "metrics_collected": { + "disk": { + "measurement": ["used_percent", "inodes_free"], + "resources": ["*"], + "ignore_file_system_types": ["sysfs", "devtmpfs"] + }, + "mem": { + "measurement": ["mem_used_percent"] + }, + "cpu": { + "measurement": ["cpu_usage_idle", "cpu_usage_user", "cpu_usage_system"] + }, + "net": { + "measurement": ["net_bytes_sent", "net_bytes_recv"], + "resources": ["eth0"] + } + } + } +} +EOF + +/opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -c file:/opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json -s diff --git a/lib/bitcoin-core/lib/bitcoin.conf b/lib/bitcoin-core/lib/bitcoin.conf new file mode 100644 index 00000000..c0b7a72e --- /dev/null +++ b/lib/bitcoin-core/lib/bitcoin.conf @@ -0,0 +1,5 @@ +server=1 +rpcallowip=0.0.0.0/0 +txindex=1 +rpcbind=0.0.0.0:8332 +datadir=/home/bitcoin/.bitcoin diff --git a/lib/bitcoin-core/lib/common-infra.js b/lib/bitcoin-core/lib/common-infra.js new file mode 100644 index 00000000..a737513d --- /dev/null +++ b/lib/bitcoin-core/lib/common-infra.js @@ -0,0 +1,39 @@ +const cdk = require("aws-cdk-lib"); +const iam = require("aws-cdk-lib/aws-iam"); +const nag = require("cdk-nag"); + +class BitcoinCommonStack extends cdk.Stack { + constructor(scope, id, props) { + super(scope, id, props); + + this.instanceRole = new iam.Role(this, "BitcoinNodeRole", { + assumedBy: new iam.ServicePrincipal("ec2.amazonaws.com"), + managedPolicies: [ + iam.ManagedPolicy.fromAwsManagedPolicyName("AmazonSSMManagedInstanceCore"), + iam.ManagedPolicy.fromAwsManagedPolicyName("CloudWatchAgentServerPolicy"), + ], + }); + + new cdk.CfnOutput(this, "InstanceRoleArn", { + value: this.instanceRole.roleArn, + exportName: "BitcoinNodeInstanceRoleArn", + }); + + // cdk-nag suppressions + nag.NagSuppressions.addResourceSuppressions( + this.instanceRole, + [ + { + id: "AwsSolutions-IAM4", + reason: "AmazonSSMManagedInstanceCore and CloudWatchAgentServerPolicy are sufficient for this use case.", + }, + { + id: "AwsSolutions-IAM5", + reason: "Managed policies and wildcard usage are acceptable for this limited-scope Bitcoin node role.", + }, + ] + ); + } +} + +module.exports = { BitcoinCommonStack }; diff --git a/lib/bitcoin-core/lib/constructs/bitcoin-mainnet-security-group.js b/lib/bitcoin-core/lib/constructs/bitcoin-mainnet-security-group.js new file mode 100644 index 00000000..5231ccb3 --- /dev/null +++ b/lib/bitcoin-core/lib/constructs/bitcoin-mainnet-security-group.js @@ -0,0 +1,20 @@ +const { Construct } = require('constructs'); +const ec2 = require('aws-cdk-lib/aws-ec2'); + +class BitcoinSecurityGroup extends Construct { + constructor(scope, id, vpc) { + super(scope, id); + + const sg = new ec2.SecurityGroup(this, 'BitcoinSG', { + vpc, + allowAllOutbound: true, + }); + + sg.addIngressRule(ec2.Peer.anyIpv4(), ec2.Port.tcp(8333), 'Bitcoin P2P'); + sg.addIngressRule(ec2.Peer.ipv4(vpc.vpcCidrBlock), ec2.Port.tcp(8332), 'Bitcoin RPC from VPC'); + + this.securityGroup = sg; + } +} + +module.exports = { BitcoinSecurityGroup }; diff --git a/lib/bitcoin-core/lib/ha-node-stack.js b/lib/bitcoin-core/lib/ha-node-stack.js new file mode 100644 index 00000000..da1f48f2 --- /dev/null +++ b/lib/bitcoin-core/lib/ha-node-stack.js @@ -0,0 +1,217 @@ +const cdk = require('aws-cdk-lib'); +const ec2 = require('aws-cdk-lib/aws-ec2'); +const iam = require('aws-cdk-lib/aws-iam'); +const autoscaling = require('aws-cdk-lib/aws-autoscaling'); +const elbv2 = require('aws-cdk-lib/aws-elasticloadbalancingv2'); +const path = require('path'); +const fs = require('fs'); +const { NagSuppressions } = require('cdk-nag'); +const { BitcoinSecurityGroup } = require('./constructs/bitcoin-mainnet-security-group.js'); +require('dotenv').config(); + +//Parse env variables +const { + INSTANCE_CLASS, + INSTANCE_SIZE, + EBS_VOLUME_SIZE, + EBS_VOLUME_TYPE, + ASG_MIN_CAPACITY, + ASG_MAX_CAPACITY, + ASG_DESIRED_CAPACITY, + GP3_THROUGHPUT, + GP3_IOPS, + CPU_ARCHITECTURE, + AWS_REGION +} = process.env; + + +class HABitcoinCoreNodeStack extends cdk.Stack { + constructor(scope, id, props) { + super(scope, id, props); + + // Create VPC + const vpc = ec2.Vpc.fromLookup(this, 'DefaultVPC', { + isDefault: true, + }); + + // Security Group for the Load Balancer + const lbSg = new ec2.SecurityGroup(this, 'BitcoinLBSG', { + vpc, + allowAllOutbound: true, + }); + lbSg.addIngressRule(ec2.Peer.ipv4(vpc.vpcCidrBlock), ec2.Port.tcp(80), 'Bitcoin RPC'); + + // Security Group for EC2 instances + const sgConstruct = new BitcoinSecurityGroup(this, 'BitcoinSecurityGroup', vpc); + const ec2Sg = sgConstruct.securityGroup; + + // IAM Role for EC2 + const role = props.instanceRole; + + // Load user data script from /assets/ + const bitcoinSetup = fs.readFileSync(path.join(__dirname, 'assets', 'bitcoin-setup.sh'), 'utf8'); + + // Load bitcoin.conf file + const bitcoinConfPath = path.join(__dirname, 'bitcoin.conf'); + const bitcoinConfContent = fs.readFileSync(bitcoinConfPath, 'utf8'); + + // User data for EC2 instance + const userData = ec2.UserData.forLinux(); + userData.addCommands( + `export AWS_REGION='${AWS_REGION}'`, + `export BITCOIN_CONF='${bitcoinConfContent}'`, + bitcoinSetup + ); + + // Determine CPU architecture + const arch = CPU_ARCHITECTURE === 'ARM64' ? ec2.AmazonLinuxCpuType.ARM_64 : ec2.AmazonLinuxCpuType.X86_64; + const machineImage = ec2.MachineImage.latestAmazonLinux2({ cpuType: arch }); + // Application Load Balancer + const lb = new elbv2.ApplicationLoadBalancer(this, 'BitcoinLB', { + vpc, + internetFacing: false, + securityGroup: lbSg, + }); + + // Create target group with health check configuration + const targetGroup = new elbv2.ApplicationTargetGroup(this, 'BitcoinTG', { + vpc, + port: 8332, + protocol: elbv2.ApplicationProtocol.HTTP, + targetType: elbv2.TargetType.INSTANCE, + healthCheck: { + protocol: elbv2.Protocol.HTTP, + port: '8332', + path: '/', + healthyHttpCodes: '200-499', + interval: cdk.Duration.seconds(30), + timeout: cdk.Duration.seconds(5), + healthyThresholdCount: 2, + unhealthyThresholdCount: 2, + }, + stickinessCookieDuration: cdk.Duration.hours(1.5), + stickinessCookieName: 'BitcoinStickySession', + stickinessEnabled: true, + }); + + // Add listener to the load balancer with forwarding rule + lb.addListener('RPCListener', { + port: 80, + open: false, + protocol: elbv2.ApplicationProtocol.HTTP, + defaultAction: elbv2.ListenerAction.forward([targetGroup]), + }); + + + + // Configure block devices + const blockDevices = [{ + deviceName: '/dev/xvda', + volume: ec2.BlockDeviceVolume.ebs( + Number(EBS_VOLUME_SIZE), + { + volumeType: ec2.EbsDeviceVolumeType[EBS_VOLUME_TYPE], + encrypted: true, + iops: Number(GP3_IOPS), + throughput: Number(GP3_THROUGHPUT) + } + ), + }]; + + // Create Launch Template + const launchTemplate = new ec2.LaunchTemplate(this, 'BitcoinLaunchTemplate', { + instanceType: ec2.InstanceType.of( + ec2.InstanceClass[INSTANCE_CLASS], + ec2.InstanceSize[INSTANCE_SIZE] + ), + machineImage, + userData, + role, + securityGroup: ec2Sg, + blockDevices, + }); + + + // Auto Scaling Group with Launch Template + const asg = new autoscaling.AutoScalingGroup(this, 'BitcoinASG', { + vpc, + launchTemplate: launchTemplate, + minCapacity: Number(ASG_MIN_CAPACITY), + maxCapacity: Number(ASG_MAX_CAPACITY), + desiredCapacity: Number(ASG_DESIRED_CAPACITY), + }); + + // Attach the ASG to the Target Group + targetGroup.addTarget(asg); + + new cdk.CfnOutput(this, 'LoadBalancerDNS', { + value: lb.loadBalancerDnsName, + description: 'DNS name of the Load Balancer', + exportName: 'BitcoinLoadBalancerDNS', + }); + + // Suppress VPC Flow Log warning + NagSuppressions.addResourceSuppressions( + vpc, + [ + { + id: 'AwsSolutions-VPC7', + reason: 'Flow logs are not required for this specific setup as it is a high-availability Bitcoin node stack where logging may add unnecessary costs and complexity.', + }, + ], + ); + + // Suppress Load Balancer Security Group warning + NagSuppressions.addResourceSuppressions( + lbSg, + [ + { + id: 'AwsSolutions-EC23', + reason: 'CDK Nag validation failure due to intrinsic function reference, which is expected behavior.', + }, + ], + ); + + // Suppress EC2 Security Group warning + NagSuppressions.addResourceSuppressions( + ec2Sg, + [ + { + id: 'AwsSolutions-EC23', + reason: 'Inbound access is required for Bitcoin P2P communication, which relies on open access for peer connections.', + }, + ], + ); + + + // Suppress Load Balancer logging warning + NagSuppressions.addResourceSuppressions( + lb, + [ + { + id: 'AwsSolutions-ELB2', + reason: 'Access logging is not required for this application to minimize operational costs.', + }, + ], + ); + + // Suppress Auto Scaling Group warnings + NagSuppressions.addResourceSuppressions( + asg, + [ + { + id: 'AwsSolutions-AS3', + reason: 'Auto Scaling Group does not require notifications for scaling events in this non-critical application.', + }, + { + id: 'AwsSolutions-AS3', + reason: 'Setting the desired capacity is intentional and necessary for the stability and reliability of the application.', + }, + ], + ); + + } +} + + +module.exports = { HABitcoinCoreNodeStack }; diff --git a/lib/bitcoin-core/lib/single-node-stack.js b/lib/bitcoin-core/lib/single-node-stack.js new file mode 100644 index 00000000..af7afa33 --- /dev/null +++ b/lib/bitcoin-core/lib/single-node-stack.js @@ -0,0 +1,166 @@ +const cdk = require('aws-cdk-lib'); +const ec2 = require('aws-cdk-lib/aws-ec2'); +const iam = require('aws-cdk-lib/aws-iam'); +const cloudwatch = require('aws-cdk-lib/aws-cloudwatch'); +const path = require('path'); +const fs = require('fs'); +const { NagSuppressions } = require('cdk-nag'); +const { BitcoinSecurityGroup } = require('./constructs/bitcoin-mainnet-security-group.js'); +require('dotenv').config(); + +//Parse env variables +const { + INSTANCE_CLASS, + INSTANCE_SIZE, + EBS_VOLUME_SIZE, + EBS_VOLUME_TYPE, + GP3_THROUGHPUT, + GP3_IOPS, + CPU_ARCHITECTURE, + USE_INSTANCE_STORE +} = process.env; + +class SingleNodeBitcoinCoreStack extends cdk.Stack { + constructor(scope, id, props) { + super(scope, id, props); + + // Retrieve region + const region = cdk.Stack.of(this).region; + + // Create VPC + const vpc = ec2.Vpc.fromLookup(this, 'DefaultVPC', { + isDefault: true, + }); + + const sgConstruct = new BitcoinSecurityGroup(this, 'BitcoinSecurityGroup', vpc); + const sg = sgConstruct.securityGroup; + + // IAM Role for EC2 + const role = props.instanceRole; + + // Load scripts from /assets/ + const bitcoinSetup = fs.readFileSync(path.join(__dirname, 'assets', 'bitcoin-setup.sh'), 'utf8'); + const cloudwatchSetup = fs.readFileSync(path.join(__dirname, 'assets', 'cloudwatch-setup.sh'), 'utf8'); + const blockheightCron = fs.readFileSync(path.join(__dirname, 'assets', 'blockheight-cron.sh'), 'utf8'); + + // Load bitcoin.conf file + const bitcoinConfPath = path.join(__dirname, 'bitcoin.conf'); + const bitcoinConfContent = fs.readFileSync(bitcoinConfPath, 'utf8'); + + // User data for EC2 instance + const userData = ec2.UserData.forLinux(); + userData.addCommands( + `export AWS_REGION='${region}'`, + `export BITCOIN_CONF='${bitcoinConfContent}'`, + bitcoinSetup, + cloudwatchSetup, + blockheightCron + ); + + // Determine CPU architecture + const arch = CPU_ARCHITECTURE === 'ARM64' ? ec2.AmazonLinuxCpuType.ARM_64 : ec2.AmazonLinuxCpuType.X86_64; + const machineImage = ec2.MachineImage.latestAmazonLinux2({ cpuType: arch }); + + + // configure EBS block devices + const blockDevices = [ + { + deviceName: '/dev/xvda', + volume: ec2.BlockDeviceVolume.ebs( + Number(EBS_VOLUME_SIZE), + { + volumeType: ec2.EbsDeviceVolumeType[EBS_VOLUME_TYPE], + encrypted: true, + iops: Number(GP3_IOPS), + throughput: Number(GP3_THROUGHPUT), + } + ), + }, + ]; + + + // EC2 Instance + const instance = new ec2.Instance(this, 'BitcoinSingleNode', { + vpc, + instanceType: ec2.InstanceType.of( + ec2.InstanceClass[INSTANCE_CLASS], + ec2.InstanceSize[INSTANCE_SIZE] + ), + machineImage, + role, + securityGroup: sg, + blockDevices, + userData, + }); + + new cdk.CfnOutput(this, 'BitcoinNodePrivateIP', { + value: instance.instancePrivateIp, + description: 'Private IP of the Bitcoin Node', + }); + + new cdk.CfnOutput(this, 'BitcoinNodeInstanceId', { + value: instance.instanceId, + description: 'Instance ID of the Bitcoin Node (used for SSM)', + }); + + // CloudWatch Dashboard + const dashboard = new cloudwatch.Dashboard(this, 'BitcoinNodeDashboard', { dashboardName: 'BitcoinNodeMetrics' }); + const cpuWidget = new cloudwatch.GraphWidget({ title: 'CPU Usage', left: [new cloudwatch.Metric({ namespace: 'AWS/EC2', metricName: 'CPUUtilization', dimensionsMap: { InstanceId: instance.instanceId }, statistic: 'Average', period: cdk.Duration.minutes(5) })] }); + const diskUsageWidget = new cloudwatch.GraphWidget({ title: 'Disk Usage (%)', left: [new cloudwatch.Metric({ namespace: 'CWAgent', metricName: 'disk_used_percent', dimensionsMap: { host: instance.instancePrivateDnsName, device: 'nvme0n1p1', path: '/', fstype: 'xfs' }, statistic: 'Average', period: cdk.Duration.minutes(5) })] }); + const memoryWidget = new cloudwatch.GraphWidget({ title: 'Memory Usage', left: [new cloudwatch.Metric({ namespace: 'CWAgent', metricName: 'mem_used_percent', dimensionsMap: { host: instance.instancePrivateDnsName }, statistic: 'Average', period: cdk.Duration.minutes(5) })] }); + const networkWidget = new cloudwatch.GraphWidget({ title: 'Network Bytes In/Out', left: [new cloudwatch.Metric({ namespace: 'CWAgent', metricName: 'net_bytes_sent', dimensionsMap: { host: instance.instancePrivateDnsName, interface: 'eth0' }, statistic: 'Sum', period: cdk.Duration.minutes(5) }), new cloudwatch.Metric({ namespace: 'CWAgent', metricName: 'net_bytes_recv', dimensionsMap: { host: instance.instancePrivateDnsName, interface: 'eth0' }, statistic: 'Sum', period: cdk.Duration.minutes(5) })] }); + const blockHeightWidget = new cloudwatch.GraphWidget({ title: 'Bitcoin Block Height', left: [new cloudwatch.Metric({ namespace: 'Bitcoin', metricName: 'BlockHeight', statistic: 'Average', period: cdk.Duration.minutes(5) })] }); + dashboard.addWidgets(cpuWidget, diskUsageWidget, memoryWidget, networkWidget, blockHeightWidget); + + // Suppress VPC Flow Log warning + NagSuppressions.addResourceSuppressions( + vpc, + [ + { + id: 'AwsSolutions-VPC7', + reason: 'Flow logs are not required for this specific setup.', + }, + ], + ); + + // Suppress Security Group warning about open ingress + NagSuppressions.addResourceSuppressions( + sg, + [ + { + id: 'AwsSolutions-EC23', + reason: 'Inbound access is needed for Bitcoin P2P communication.', + }, + ], + ); + + // Suppress EC2 instance monitoring and ASG warnings + NagSuppressions.addResourceSuppressions( + instance, + [ + { + id: 'AwsSolutions-EC28', + reason: 'Detailed monitoring is not required for this application.', + }, + { + id: 'AwsSolutions-EC29', + reason: 'The EC2 instance is standalone and not part of an ASG, as this is a single-node Bitcoin core setup.', + }, + ], + ); + + NagSuppressions.addResourceSuppressions( + instance, + [ + { + id: 'AwsSolutions-EC26', + reason: 'EBS encryption is not required for this specific application.', + }, + ], + ); + + + } +} + +module.exports = { SingleNodeBitcoinCoreStack }; diff --git a/lib/bitcoin-core/package.json b/lib/bitcoin-core/package.json new file mode 100644 index 00000000..2f11f272 --- /dev/null +++ b/lib/bitcoin-core/package.json @@ -0,0 +1,11 @@ +{ + "name": "aws-blockchain-node-runners-bitcoin-core", + "version": "0.1.0", + "scripts": { + "build": "npx tsc", + "watch": "npx tsc -w", + "test": "npx jest", + "cdk": "npx cdk", + "scan-cdk": "npx cdk synth" + } +} diff --git a/lib/bitcoin-core/sample-configs/.env-sample-bitcoin-mainnet b/lib/bitcoin-core/sample-configs/.env-sample-bitcoin-mainnet new file mode 100644 index 00000000..33360014 --- /dev/null +++ b/lib/bitcoin-core/sample-configs/.env-sample-bitcoin-mainnet @@ -0,0 +1,21 @@ +AWS_ACCOUNT_ID=123456789101 +AWS_REGION=us-east-1 + +# The following configuration has been extensively tested and is recommended for use. +# The instance type is T3A, which is a cost-effective option for running Bitcoin Core. +# The instance size is LARGE, which provides a good balance of CPU and memory resources. +# The EBS volume size is set to 1000 GB, which is sufficient for storing the Bitcoin blockchain. +# The EBS volume type is GP3, which offers a good balance of performance and cost. +INSTANCE_CLASS=T3A +INSTANCE_SIZE=LARGE +EBS_VOLUME_SIZE=1000 +EBS_VOLUME_TYPE=GP3 + +ASG_MIN_CAPACITY=2 +ASG_MAX_CAPACITY=4 +ASG_DESIRED_CAPACITY=2 + +# The following configuration has been tested and proven effective for a Bitcoin Core node to achieve full synchronization without incurring additional costs: +GP3_IOPS=3000 +GP3_THROUGHPUT=125 +CPU_ARCHITECTURE=X86_64 # Options: X86_64 or ARM64 diff --git a/lib/bitcoin-core/test/ha-node-stack.test.js b/lib/bitcoin-core/test/ha-node-stack.test.js new file mode 100644 index 00000000..d08691b9 --- /dev/null +++ b/lib/bitcoin-core/test/ha-node-stack.test.js @@ -0,0 +1,83 @@ +const { Match, Template } = require('aws-cdk-lib/assertions'); +const cdk = require('aws-cdk-lib'); +const ec2 = require('aws-cdk-lib/aws-ec2'); +const iam = require('aws-cdk-lib/aws-iam'); +const { HABitcoinCoreNodeStack } = require('../lib/ha-node-stack'); + +describe('HABitcoinCoreNodeStack', () => { + test('synthesizes the way we expect', () => { + const app = new cdk.App(); + + // Create a mock stack for context and shared resources like IAM role + const mockStack = new cdk.Stack(app, 'MockStack', { + env: { + account: '123456789012', + region: 'us-east-1', + }, + }); + + // Create a mock IAM role to pass into the HA stack + const testRole = new iam.Role(mockStack, 'TestInstanceRole', { + assumedBy: new iam.ServicePrincipal('ec2.amazonaws.com'), + }); + + // Instantiate the HA stack using the default VPC and injected role + const haStack = new HABitcoinCoreNodeStack(app, 'ha-bitcoin-node', { + env: { + account: '123456789012', + region: 'us-east-1', + }, + instanceRole: testRole, + }); + + const template = Template.fromStack(haStack); + + // IAM Role should not be present in this stack (provided externally), but for completeness: + template.resourceCountIs('AWS::IAM::Role', 0); + + // Launch Template should exist + template.resourceCountIs('AWS::EC2::LaunchTemplate', 1); + + // Auto Scaling Group + template.resourceCountIs('AWS::AutoScaling::AutoScalingGroup', 1); + + // Application Load Balancer + template.resourceCountIs('AWS::ElasticLoadBalancingV2::LoadBalancer', 1); + + // Target Group + template.resourceCountIs('AWS::ElasticLoadBalancingV2::TargetGroup', 1); + + // Listener + template.resourceCountIs('AWS::ElasticLoadBalancingV2::Listener', 1); + + // Confirm the ASG has correct capacity + template.hasResourceProperties('AWS::AutoScaling::AutoScalingGroup', { + MinSize: Match.anyValue(), + MaxSize: Match.anyValue(), + DesiredCapacity: Match.anyValue(), + }); + + + // Confirm LaunchTemplate references role ARN + template.hasResourceProperties('AWS::EC2::LaunchTemplate', { + LaunchTemplateData: { + IamInstanceProfile: Match.anyValue(), + ImageId: Match.anyValue(), + InstanceType: Match.anyValue(), + SecurityGroupIds: Match.anyValue(), + } + }); + + // Load Balancer Listener config + template.hasResourceProperties('AWS::ElasticLoadBalancingV2::Listener', { + Port: 80, + Protocol: 'HTTP', + }); + + // Target Group config + template.hasResourceProperties('AWS::ElasticLoadBalancingV2::TargetGroup', { + Port: 8332, + Protocol: 'HTTP', + }); + }); +}); diff --git a/lib/bitcoin-core/test/single-node-stack.test.js b/lib/bitcoin-core/test/single-node-stack.test.js new file mode 100644 index 00000000..4d143ed8 --- /dev/null +++ b/lib/bitcoin-core/test/single-node-stack.test.js @@ -0,0 +1,78 @@ +const { Match, Template } = require('aws-cdk-lib/assertions'); +const cdk = require('aws-cdk-lib'); +const { SingleNodeBitcoinCoreStack } = require('../lib/single-node-stack'); + + +describe('SingleNodeBitcoinCoreStack', () => { + test('synthesizes the way we expect', () => { + const app = new cdk.App(); + + const bitcoinNodeStack = new SingleNodeBitcoinCoreStack(app, 'bitcoin-single-node', { + env: { + account: '123456789012', // use dummy account + region: 'us-east-1', // or your preferred region + }, + }); + + + // Prepare the stack for assertions + const template = Template.fromStack(bitcoinNodeStack); + + + // Has EC2 instance security group + template.hasResourceProperties('AWS::EC2::SecurityGroup', { + VpcId: Match.anyValue(), + SecurityGroupEgress: [ + { + CidrIp: '0.0.0.0/0', + IpProtocol: '-1', + }, + ], + SecurityGroupIngress: [ + { + CidrIp: '0.0.0.0/0', + FromPort: 8333, + IpProtocol: 'tcp', + ToPort: 8333, + }, + { + CidrIp: Match.stringLikeRegexp('.*'), + FromPort: 8332, + IpProtocol: 'tcp', + ToPort: 8332, + }, + ], + }); + + // Has EC2 instance with node configuration + template.hasResourceProperties('AWS::EC2::Instance', { + InstanceType: Match.stringLikeRegexp('.*'), // accept any value including 'undefined.undefined' + BlockDeviceMappings: [{ + DeviceName: '/dev/xvda', + Ebs: Match.objectLike({ // loosen strict match on EBS + Encrypted: true, + }), + }], + SecurityGroupIds: Match.anyValue(), + SubnetId: Match.anyValue(), + UserData: Match.anyValue(), + }); + + + // Has IAM Role with necessary permissions + template.hasResourceProperties('AWS::IAM::Role', { + AssumeRolePolicyDocument: { + Statement: [{ + Action: 'sts:AssumeRole', + Effect: 'Allow', + Principal: { Service: 'ec2.amazonaws.com' }, + }], + }, + }); + + // Has CloudWatch dashboard + template.hasResourceProperties('AWS::CloudWatch::Dashboard', { + DashboardBody: Match.anyValue(), + }); + }); +}); diff --git a/package-lock.json b/package-lock.json index ae850b1e..265a4189 100644 --- a/package-lock.json +++ b/package-lock.json @@ -8,7 +8,9 @@ "name": "aws-blockchain-node-runners", "version": "0.1.0", "dependencies": { + "@aws-sdk/client-secrets-manager": "^3.775.0", "aws-cdk-lib": "^2.184.0", + "base64url": "^3.0.1", "constructs": "^10.3.0", "dotenv": "^16.4.5", "source-map-support": "^0.5.21" @@ -82,6 +84,580 @@ "node": ">=10" } }, + "node_modules/@aws-crypto/sha256-browser": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/@aws-crypto/sha256-browser/-/sha256-browser-5.2.0.tgz", + "integrity": "sha512-AXfN/lGotSQwu6HNcEsIASo7kWXZ5HYWvfOmSNKDsEqC4OashTp8alTmaz+F7TC2L083SFv5RdB+qU3Vs1kZqw==", + "dependencies": { + "@aws-crypto/sha256-js": "^5.2.0", + "@aws-crypto/supports-web-crypto": "^5.2.0", + "@aws-crypto/util": "^5.2.0", + "@aws-sdk/types": "^3.222.0", + "@aws-sdk/util-locate-window": "^3.0.0", + "@smithy/util-utf8": "^2.0.0", + "tslib": "^2.6.2" + } + }, + "node_modules/@aws-crypto/sha256-browser/node_modules/@smithy/is-array-buffer": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-2.2.0.tgz", + "integrity": "sha512-GGP3O9QFD24uGeAXYUjwSTXARoqpZykHadOmA8G5vfJPK0/DC67qa//0qvqrJzL1xc8WQWX7/yc7fwudjPHPhA==", + "dependencies": { + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=14.0.0" + } + }, + "node_modules/@aws-crypto/sha256-browser/node_modules/@smithy/util-buffer-from": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-2.2.0.tgz", + "integrity": "sha512-IJdWBbTcMQ6DA0gdNhh/BwrLkDR+ADW5Kr1aZmd4k3DIF6ezMV4R2NIAmT08wQJ3yUK82thHWmC/TnK/wpMMIA==", + "dependencies": { + "@smithy/is-array-buffer": "^2.2.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=14.0.0" + } + }, + "node_modules/@aws-crypto/sha256-browser/node_modules/@smithy/util-utf8": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-2.3.0.tgz", + "integrity": "sha512-R8Rdn8Hy72KKcebgLiv8jQcQkXoLMOGGv5uI1/k0l+snqkOzQ1R0ChUBCxWMlBsFMekWjq0wRudIweFs7sKT5A==", + "dependencies": { + "@smithy/util-buffer-from": "^2.2.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=14.0.0" + } + }, + "node_modules/@aws-crypto/sha256-js": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/@aws-crypto/sha256-js/-/sha256-js-5.2.0.tgz", + "integrity": "sha512-FFQQyu7edu4ufvIZ+OadFpHHOt+eSTBaYaki44c+akjg7qZg9oOQeLlk77F6tSYqjDAFClrHJk9tMf0HdVyOvA==", + "dependencies": { + "@aws-crypto/util": "^5.2.0", + "@aws-sdk/types": "^3.222.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=16.0.0" + } + }, + "node_modules/@aws-crypto/supports-web-crypto": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/@aws-crypto/supports-web-crypto/-/supports-web-crypto-5.2.0.tgz", + "integrity": "sha512-iAvUotm021kM33eCdNfwIN//F77/IADDSs58i+MDaOqFrVjZo9bAal0NK7HurRuWLLpF1iLX7gbWrjHjeo+YFg==", + "dependencies": { + "tslib": "^2.6.2" + } + }, + "node_modules/@aws-crypto/util": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/@aws-crypto/util/-/util-5.2.0.tgz", + "integrity": "sha512-4RkU9EsI6ZpBve5fseQlGNUWKMa1RLPQ1dnjnQoe07ldfIzcsGb5hC5W0Dm7u423KWzawlrpbjXBrXCEv9zazQ==", + "dependencies": { + "@aws-sdk/types": "^3.222.0", + "@smithy/util-utf8": "^2.0.0", + "tslib": "^2.6.2" + } + }, + "node_modules/@aws-crypto/util/node_modules/@smithy/is-array-buffer": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-2.2.0.tgz", + "integrity": "sha512-GGP3O9QFD24uGeAXYUjwSTXARoqpZykHadOmA8G5vfJPK0/DC67qa//0qvqrJzL1xc8WQWX7/yc7fwudjPHPhA==", + "dependencies": { + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=14.0.0" + } + }, + "node_modules/@aws-crypto/util/node_modules/@smithy/util-buffer-from": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-2.2.0.tgz", + "integrity": "sha512-IJdWBbTcMQ6DA0gdNhh/BwrLkDR+ADW5Kr1aZmd4k3DIF6ezMV4R2NIAmT08wQJ3yUK82thHWmC/TnK/wpMMIA==", + "dependencies": { + "@smithy/is-array-buffer": "^2.2.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=14.0.0" + } + }, + "node_modules/@aws-crypto/util/node_modules/@smithy/util-utf8": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-2.3.0.tgz", + "integrity": "sha512-R8Rdn8Hy72KKcebgLiv8jQcQkXoLMOGGv5uI1/k0l+snqkOzQ1R0ChUBCxWMlBsFMekWjq0wRudIweFs7sKT5A==", + "dependencies": { + "@smithy/util-buffer-from": "^2.2.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=14.0.0" + } + }, + "node_modules/@aws-sdk/client-secrets-manager": { + "version": "3.777.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/client-secrets-manager/-/client-secrets-manager-3.777.0.tgz", + "integrity": "sha512-HqBGQPFUZMTOkQJB6JLv7Jopfz+cBP4spzjpBlZ/JeJShMAXw9To2mxi22jU5qGGWPGH5y4tVXnw4aVf2TOPhQ==", + "dependencies": { + "@aws-crypto/sha256-browser": "5.2.0", + "@aws-crypto/sha256-js": "5.2.0", + "@aws-sdk/core": "3.775.0", + "@aws-sdk/credential-provider-node": "3.777.0", + "@aws-sdk/middleware-host-header": "3.775.0", + "@aws-sdk/middleware-logger": "3.775.0", + "@aws-sdk/middleware-recursion-detection": "3.775.0", + "@aws-sdk/middleware-user-agent": "3.775.0", + "@aws-sdk/region-config-resolver": "3.775.0", + "@aws-sdk/types": "3.775.0", + "@aws-sdk/util-endpoints": "3.775.0", + "@aws-sdk/util-user-agent-browser": "3.775.0", + "@aws-sdk/util-user-agent-node": "3.775.0", + "@smithy/config-resolver": "^4.1.0", + "@smithy/core": "^3.2.0", + "@smithy/fetch-http-handler": "^5.0.2", + "@smithy/hash-node": "^4.0.2", + "@smithy/invalid-dependency": "^4.0.2", + "@smithy/middleware-content-length": "^4.0.2", + "@smithy/middleware-endpoint": "^4.1.0", + "@smithy/middleware-retry": "^4.1.0", + "@smithy/middleware-serde": "^4.0.3", + "@smithy/middleware-stack": "^4.0.2", + "@smithy/node-config-provider": "^4.0.2", + "@smithy/node-http-handler": "^4.0.4", + "@smithy/protocol-http": "^5.1.0", + "@smithy/smithy-client": "^4.2.0", + "@smithy/types": "^4.2.0", + "@smithy/url-parser": "^4.0.2", + "@smithy/util-base64": "^4.0.0", + "@smithy/util-body-length-browser": "^4.0.0", + "@smithy/util-body-length-node": "^4.0.0", + "@smithy/util-defaults-mode-browser": "^4.0.8", + "@smithy/util-defaults-mode-node": "^4.0.8", + "@smithy/util-endpoints": "^3.0.2", + "@smithy/util-middleware": "^4.0.2", + "@smithy/util-retry": "^4.0.2", + "@smithy/util-utf8": "^4.0.0", + "@types/uuid": "^9.0.1", + "tslib": "^2.6.2", + "uuid": "^9.0.1" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@aws-sdk/client-sso": { + "version": "3.777.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.777.0.tgz", + "integrity": "sha512-0+z6CiAYIQa7s6FJ+dpBYPi9zr9yY5jBg/4/FGcwYbmqWPXwL9Thdtr0FearYRZgKl7bhL3m3dILCCfWqr3teQ==", + "dependencies": { + "@aws-crypto/sha256-browser": "5.2.0", + "@aws-crypto/sha256-js": "5.2.0", + "@aws-sdk/core": "3.775.0", + "@aws-sdk/middleware-host-header": "3.775.0", + "@aws-sdk/middleware-logger": "3.775.0", + "@aws-sdk/middleware-recursion-detection": "3.775.0", + "@aws-sdk/middleware-user-agent": "3.775.0", + "@aws-sdk/region-config-resolver": "3.775.0", + "@aws-sdk/types": "3.775.0", + "@aws-sdk/util-endpoints": "3.775.0", + "@aws-sdk/util-user-agent-browser": "3.775.0", + "@aws-sdk/util-user-agent-node": "3.775.0", + "@smithy/config-resolver": "^4.1.0", + "@smithy/core": "^3.2.0", + "@smithy/fetch-http-handler": "^5.0.2", + "@smithy/hash-node": "^4.0.2", + "@smithy/invalid-dependency": "^4.0.2", + "@smithy/middleware-content-length": "^4.0.2", + "@smithy/middleware-endpoint": "^4.1.0", + "@smithy/middleware-retry": "^4.1.0", + "@smithy/middleware-serde": "^4.0.3", + "@smithy/middleware-stack": "^4.0.2", + "@smithy/node-config-provider": "^4.0.2", + "@smithy/node-http-handler": "^4.0.4", + "@smithy/protocol-http": "^5.1.0", + "@smithy/smithy-client": "^4.2.0", + "@smithy/types": "^4.2.0", + "@smithy/url-parser": "^4.0.2", + "@smithy/util-base64": "^4.0.0", + "@smithy/util-body-length-browser": "^4.0.0", + "@smithy/util-body-length-node": "^4.0.0", + "@smithy/util-defaults-mode-browser": "^4.0.8", + "@smithy/util-defaults-mode-node": "^4.0.8", + "@smithy/util-endpoints": "^3.0.2", + "@smithy/util-middleware": "^4.0.2", + "@smithy/util-retry": "^4.0.2", + "@smithy/util-utf8": "^4.0.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@aws-sdk/core": { + "version": "3.775.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.775.0.tgz", + "integrity": "sha512-8vpW4WihVfz0DX+7WnnLGm3GuQER++b0IwQG35JlQMlgqnc44M//KbJPsIHA0aJUJVwJAEShgfr5dUbY8WUzaA==", + "dependencies": { + "@aws-sdk/types": "3.775.0", + "@smithy/core": "^3.2.0", + "@smithy/node-config-provider": "^4.0.2", + "@smithy/property-provider": "^4.0.2", + "@smithy/protocol-http": "^5.1.0", + "@smithy/signature-v4": "^5.0.2", + "@smithy/smithy-client": "^4.2.0", + "@smithy/types": "^4.2.0", + "@smithy/util-middleware": "^4.0.2", + "fast-xml-parser": "4.4.1", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@aws-sdk/credential-provider-env": { + "version": "3.775.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.775.0.tgz", + "integrity": "sha512-6ESVxwCbGm7WZ17kY1fjmxQud43vzJFoLd4bmlR+idQSWdqlzGDYdcfzpjDKTcivdtNrVYmFvcH1JBUwCRAZhw==", + "dependencies": { + "@aws-sdk/core": "3.775.0", + "@aws-sdk/types": "3.775.0", + "@smithy/property-provider": "^4.0.2", + "@smithy/types": "^4.2.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@aws-sdk/credential-provider-http": { + "version": "3.775.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.775.0.tgz", + "integrity": "sha512-PjDQeDH/J1S0yWV32wCj2k5liRo0ssXMseCBEkCsD3SqsU8o5cU82b0hMX4sAib/RkglCSZqGO0xMiN0/7ndww==", + "dependencies": { + "@aws-sdk/core": "3.775.0", + "@aws-sdk/types": "3.775.0", + "@smithy/fetch-http-handler": "^5.0.2", + "@smithy/node-http-handler": "^4.0.4", + "@smithy/property-provider": "^4.0.2", + "@smithy/protocol-http": "^5.1.0", + "@smithy/smithy-client": "^4.2.0", + "@smithy/types": "^4.2.0", + "@smithy/util-stream": "^4.2.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@aws-sdk/credential-provider-ini": { + "version": "3.777.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.777.0.tgz", + "integrity": "sha512-1X9mCuM9JSQPmQ+D2TODt4THy6aJWCNiURkmKmTIPRdno7EIKgAqrr/LLN++K5mBf54DZVKpqcJutXU2jwo01A==", + "dependencies": { + "@aws-sdk/core": "3.775.0", + "@aws-sdk/credential-provider-env": "3.775.0", + "@aws-sdk/credential-provider-http": "3.775.0", + "@aws-sdk/credential-provider-process": "3.775.0", + "@aws-sdk/credential-provider-sso": "3.777.0", + "@aws-sdk/credential-provider-web-identity": "3.777.0", + "@aws-sdk/nested-clients": "3.777.0", + "@aws-sdk/types": "3.775.0", + "@smithy/credential-provider-imds": "^4.0.2", + "@smithy/property-provider": "^4.0.2", + "@smithy/shared-ini-file-loader": "^4.0.2", + "@smithy/types": "^4.2.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@aws-sdk/credential-provider-node": { + "version": "3.777.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.777.0.tgz", + "integrity": "sha512-ZD66ywx1Q0KyUSuBXZIQzBe3Q7MzX8lNwsrCU43H3Fww+Y+HB3Ncws9grhSdNhKQNeGmZ+MgKybuZYaaeLwJEQ==", + "dependencies": { + "@aws-sdk/credential-provider-env": "3.775.0", + "@aws-sdk/credential-provider-http": "3.775.0", + "@aws-sdk/credential-provider-ini": "3.777.0", + "@aws-sdk/credential-provider-process": "3.775.0", + "@aws-sdk/credential-provider-sso": "3.777.0", + "@aws-sdk/credential-provider-web-identity": "3.777.0", + "@aws-sdk/types": "3.775.0", + "@smithy/credential-provider-imds": "^4.0.2", + "@smithy/property-provider": "^4.0.2", + "@smithy/shared-ini-file-loader": "^4.0.2", + "@smithy/types": "^4.2.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@aws-sdk/credential-provider-process": { + "version": "3.775.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.775.0.tgz", + "integrity": "sha512-A6k68H9rQp+2+7P7SGO90Csw6nrUEm0Qfjpn9Etc4EboZhhCLs9b66umUsTsSBHus4FDIe5JQxfCUyt1wgNogg==", + "dependencies": { + "@aws-sdk/core": "3.775.0", + "@aws-sdk/types": "3.775.0", + "@smithy/property-provider": "^4.0.2", + "@smithy/shared-ini-file-loader": "^4.0.2", + "@smithy/types": "^4.2.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@aws-sdk/credential-provider-sso": { + "version": "3.777.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.777.0.tgz", + "integrity": "sha512-9mPz7vk9uE4PBVprfINv4tlTkyq1OonNevx2DiXC1LY4mCUCNN3RdBwAY0BTLzj0uyc3k5KxFFNbn3/8ZDQP7w==", + "dependencies": { + "@aws-sdk/client-sso": "3.777.0", + "@aws-sdk/core": "3.775.0", + "@aws-sdk/token-providers": "3.777.0", + "@aws-sdk/types": "3.775.0", + "@smithy/property-provider": "^4.0.2", + "@smithy/shared-ini-file-loader": "^4.0.2", + "@smithy/types": "^4.2.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@aws-sdk/credential-provider-web-identity": { + "version": "3.777.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.777.0.tgz", + "integrity": "sha512-uGCqr47fnthkqwq5luNl2dksgcpHHjSXz2jUra7TXtFOpqvnhOW8qXjoa1ivlkq8qhqlaZwCzPdbcN0lXpmLzQ==", + "dependencies": { + "@aws-sdk/core": "3.775.0", + "@aws-sdk/nested-clients": "3.777.0", + "@aws-sdk/types": "3.775.0", + "@smithy/property-provider": "^4.0.2", + "@smithy/types": "^4.2.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@aws-sdk/middleware-host-header": { + "version": "3.775.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-host-header/-/middleware-host-header-3.775.0.tgz", + "integrity": "sha512-tkSegM0Z6WMXpLB8oPys/d+umYIocvO298mGvcMCncpRl77L9XkvSLJIFzaHes+o7djAgIduYw8wKIMStFss2w==", + "dependencies": { + "@aws-sdk/types": "3.775.0", + "@smithy/protocol-http": "^5.1.0", + "@smithy/types": "^4.2.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@aws-sdk/middleware-logger": { + "version": "3.775.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-logger/-/middleware-logger-3.775.0.tgz", + "integrity": "sha512-FaxO1xom4MAoUJsldmR92nT1G6uZxTdNYOFYtdHfd6N2wcNaTuxgjIvqzg5y7QIH9kn58XX/dzf1iTjgqUStZw==", + "dependencies": { + "@aws-sdk/types": "3.775.0", + "@smithy/types": "^4.2.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@aws-sdk/middleware-recursion-detection": { + "version": "3.775.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.775.0.tgz", + "integrity": "sha512-GLCzC8D0A0YDG5u3F5U03Vb9j5tcOEFhr8oc6PDk0k0vm5VwtZOE6LvK7hcCSoAB4HXyOUM0sQuXrbaAh9OwXA==", + "dependencies": { + "@aws-sdk/types": "3.775.0", + "@smithy/protocol-http": "^5.1.0", + "@smithy/types": "^4.2.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@aws-sdk/middleware-user-agent": { + "version": "3.775.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.775.0.tgz", + "integrity": "sha512-7Lffpr1ptOEDE1ZYH1T78pheEY1YmeXWBfFt/amZ6AGsKSLG+JPXvof3ltporTGR2bhH/eJPo7UHCglIuXfzYg==", + "dependencies": { + "@aws-sdk/core": "3.775.0", + "@aws-sdk/types": "3.775.0", + "@aws-sdk/util-endpoints": "3.775.0", + "@smithy/core": "^3.2.0", + "@smithy/protocol-http": "^5.1.0", + "@smithy/types": "^4.2.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@aws-sdk/nested-clients": { + "version": "3.777.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/nested-clients/-/nested-clients-3.777.0.tgz", + "integrity": "sha512-bmmVRsCjuYlStYPt06hr+f8iEyWg7+AklKCA8ZLDEJujXhXIowgUIqXmqpTkXwkVvDQ9tzU7hxaONjyaQCGybA==", + "dependencies": { + "@aws-crypto/sha256-browser": "5.2.0", + "@aws-crypto/sha256-js": "5.2.0", + "@aws-sdk/core": "3.775.0", + "@aws-sdk/middleware-host-header": "3.775.0", + "@aws-sdk/middleware-logger": "3.775.0", + "@aws-sdk/middleware-recursion-detection": "3.775.0", + "@aws-sdk/middleware-user-agent": "3.775.0", + "@aws-sdk/region-config-resolver": "3.775.0", + "@aws-sdk/types": "3.775.0", + "@aws-sdk/util-endpoints": "3.775.0", + "@aws-sdk/util-user-agent-browser": "3.775.0", + "@aws-sdk/util-user-agent-node": "3.775.0", + "@smithy/config-resolver": "^4.1.0", + "@smithy/core": "^3.2.0", + "@smithy/fetch-http-handler": "^5.0.2", + "@smithy/hash-node": "^4.0.2", + "@smithy/invalid-dependency": "^4.0.2", + "@smithy/middleware-content-length": "^4.0.2", + "@smithy/middleware-endpoint": "^4.1.0", + "@smithy/middleware-retry": "^4.1.0", + "@smithy/middleware-serde": "^4.0.3", + "@smithy/middleware-stack": "^4.0.2", + "@smithy/node-config-provider": "^4.0.2", + "@smithy/node-http-handler": "^4.0.4", + "@smithy/protocol-http": "^5.1.0", + "@smithy/smithy-client": "^4.2.0", + "@smithy/types": "^4.2.0", + "@smithy/url-parser": "^4.0.2", + "@smithy/util-base64": "^4.0.0", + "@smithy/util-body-length-browser": "^4.0.0", + "@smithy/util-body-length-node": "^4.0.0", + "@smithy/util-defaults-mode-browser": "^4.0.8", + "@smithy/util-defaults-mode-node": "^4.0.8", + "@smithy/util-endpoints": "^3.0.2", + "@smithy/util-middleware": "^4.0.2", + "@smithy/util-retry": "^4.0.2", + "@smithy/util-utf8": "^4.0.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@aws-sdk/region-config-resolver": { + "version": "3.775.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.775.0.tgz", + "integrity": "sha512-40iH3LJjrQS3LKUJAl7Wj0bln7RFPEvUYKFxtP8a+oKFDO0F65F52xZxIJbPn6sHkxWDAnZlGgdjZXM3p2g5wQ==", + "dependencies": { + "@aws-sdk/types": "3.775.0", + "@smithy/node-config-provider": "^4.0.2", + "@smithy/types": "^4.2.0", + "@smithy/util-config-provider": "^4.0.0", + "@smithy/util-middleware": "^4.0.2", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@aws-sdk/token-providers": { + "version": "3.777.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.777.0.tgz", + "integrity": "sha512-Yc2cDONsHOa4dTSGOev6Ng2QgTKQUEjaUnsyKd13pc/nLLz/WLqHiQ/o7PcnKERJxXGs1g1C6l3sNXiX+kbnFQ==", + "dependencies": { + "@aws-sdk/nested-clients": "3.777.0", + "@aws-sdk/types": "3.775.0", + "@smithy/property-provider": "^4.0.2", + "@smithy/shared-ini-file-loader": "^4.0.2", + "@smithy/types": "^4.2.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@aws-sdk/types": { + "version": "3.775.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.775.0.tgz", + "integrity": "sha512-ZoGKwa4C9fC9Av6bdfqcW6Ix5ot05F/S4VxWR2nHuMv7hzfmAjTOcUiWT7UR4hM/U0whf84VhDtXN/DWAk52KA==", + "dependencies": { + "@smithy/types": "^4.2.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@aws-sdk/util-endpoints": { + "version": "3.775.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.775.0.tgz", + "integrity": "sha512-yjWmUgZC9tUxAo8Uaplqmq0eUh0zrbZJdwxGRKdYxfm4RG6fMw1tj52+KkatH7o+mNZvg1GDcVp/INktxonJLw==", + "dependencies": { + "@aws-sdk/types": "3.775.0", + "@smithy/types": "^4.2.0", + "@smithy/util-endpoints": "^3.0.2", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@aws-sdk/util-locate-window": { + "version": "3.723.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/util-locate-window/-/util-locate-window-3.723.0.tgz", + "integrity": "sha512-Yf2CS10BqK688DRsrKI/EO6B8ff5J86NXe4C+VCysK7UOgN0l1zOTeTukZ3H8Q9tYYX3oaF1961o8vRkFm7Nmw==", + "dependencies": { + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@aws-sdk/util-user-agent-browser": { + "version": "3.775.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.775.0.tgz", + "integrity": "sha512-txw2wkiJmZKVdDbscK7VBK+u+TJnRtlUjRTLei+elZg2ADhpQxfVAQl436FUeIv6AhB/oRHW6/K/EAGXUSWi0A==", + "dependencies": { + "@aws-sdk/types": "3.775.0", + "@smithy/types": "^4.2.0", + "bowser": "^2.11.0", + "tslib": "^2.6.2" + } + }, + "node_modules/@aws-sdk/util-user-agent-node": { + "version": "3.775.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.775.0.tgz", + "integrity": "sha512-N9yhTevbizTOMo3drH7Eoy6OkJ3iVPxhV7dwb6CMAObbLneS36CSfA6xQXupmHWcRvZPTz8rd1JGG3HzFOau+g==", + "dependencies": { + "@aws-sdk/middleware-user-agent": "3.775.0", + "@aws-sdk/types": "3.775.0", + "@smithy/node-config-provider": "^4.0.2", + "@smithy/types": "^4.2.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + }, + "peerDependencies": { + "aws-crt": ">=1.0.0" + }, + "peerDependenciesMeta": { + "aws-crt": { + "optional": true + } + } + }, "node_modules/@babel/code-frame": { "version": "7.26.2", "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.26.2.tgz", @@ -931,6 +1507,532 @@ "@sinonjs/commons": "^3.0.0" } }, + "node_modules/@smithy/abort-controller": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/@smithy/abort-controller/-/abort-controller-4.0.2.tgz", + "integrity": "sha512-Sl/78VDtgqKxN2+1qduaVE140XF+Xg+TafkncspwM4jFP/LHr76ZHmIY/y3V1M0mMLNk+Je6IGbzxy23RSToMw==", + "dependencies": { + "@smithy/types": "^4.2.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@smithy/config-resolver": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/@smithy/config-resolver/-/config-resolver-4.1.0.tgz", + "integrity": "sha512-8smPlwhga22pwl23fM5ew4T9vfLUCeFXlcqNOCD5M5h8VmNPNUE9j6bQSuRXpDSV11L/E/SwEBQuW8hr6+nS1A==", + "dependencies": { + "@smithy/node-config-provider": "^4.0.2", + "@smithy/types": "^4.2.0", + "@smithy/util-config-provider": "^4.0.0", + "@smithy/util-middleware": "^4.0.2", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@smithy/core": { + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/@smithy/core/-/core-3.2.0.tgz", + "integrity": "sha512-k17bgQhVZ7YmUvA8at4af1TDpl0NDMBuBKJl8Yg0nrefwmValU+CnA5l/AriVdQNthU/33H3nK71HrLgqOPr1Q==", + "dependencies": { + "@smithy/middleware-serde": "^4.0.3", + "@smithy/protocol-http": "^5.1.0", + "@smithy/types": "^4.2.0", + "@smithy/util-body-length-browser": "^4.0.0", + "@smithy/util-middleware": "^4.0.2", + "@smithy/util-stream": "^4.2.0", + "@smithy/util-utf8": "^4.0.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@smithy/credential-provider-imds": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/@smithy/credential-provider-imds/-/credential-provider-imds-4.0.2.tgz", + "integrity": "sha512-32lVig6jCaWBHnY+OEQ6e6Vnt5vDHaLiydGrwYMW9tPqO688hPGTYRamYJ1EptxEC2rAwJrHWmPoKRBl4iTa8w==", + "dependencies": { + "@smithy/node-config-provider": "^4.0.2", + "@smithy/property-provider": "^4.0.2", + "@smithy/types": "^4.2.0", + "@smithy/url-parser": "^4.0.2", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@smithy/fetch-http-handler": { + "version": "5.0.2", + "resolved": "https://registry.npmjs.org/@smithy/fetch-http-handler/-/fetch-http-handler-5.0.2.tgz", + "integrity": "sha512-+9Dz8sakS9pe7f2cBocpJXdeVjMopUDLgZs1yWeu7h++WqSbjUYv/JAJwKwXw1HV6gq1jyWjxuyn24E2GhoEcQ==", + "dependencies": { + "@smithy/protocol-http": "^5.1.0", + "@smithy/querystring-builder": "^4.0.2", + "@smithy/types": "^4.2.0", + "@smithy/util-base64": "^4.0.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@smithy/hash-node": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/@smithy/hash-node/-/hash-node-4.0.2.tgz", + "integrity": "sha512-VnTpYPnRUE7yVhWozFdlxcYknv9UN7CeOqSrMH+V877v4oqtVYuoqhIhtSjmGPvYrYnAkaM61sLMKHvxL138yg==", + "dependencies": { + "@smithy/types": "^4.2.0", + "@smithy/util-buffer-from": "^4.0.0", + "@smithy/util-utf8": "^4.0.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@smithy/invalid-dependency": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/@smithy/invalid-dependency/-/invalid-dependency-4.0.2.tgz", + "integrity": "sha512-GatB4+2DTpgWPday+mnUkoumP54u/MDM/5u44KF9hIu8jF0uafZtQLcdfIKkIcUNuF/fBojpLEHZS/56JqPeXQ==", + "dependencies": { + "@smithy/types": "^4.2.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@smithy/is-array-buffer": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-4.0.0.tgz", + "integrity": "sha512-saYhF8ZZNoJDTvJBEWgeBccCg+yvp1CX+ed12yORU3NilJScfc6gfch2oVb4QgxZrGUx3/ZJlb+c/dJbyupxlw==", + "dependencies": { + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@smithy/middleware-content-length": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/@smithy/middleware-content-length/-/middleware-content-length-4.0.2.tgz", + "integrity": "sha512-hAfEXm1zU+ELvucxqQ7I8SszwQ4znWMbNv6PLMndN83JJN41EPuS93AIyh2N+gJ6x8QFhzSO6b7q2e6oClDI8A==", + "dependencies": { + "@smithy/protocol-http": "^5.1.0", + "@smithy/types": "^4.2.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@smithy/middleware-endpoint": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/@smithy/middleware-endpoint/-/middleware-endpoint-4.1.0.tgz", + "integrity": "sha512-xhLimgNCbCzsUppRTGXWkZywksuTThxaIB0HwbpsVLY5sceac4e1TZ/WKYqufQLaUy+gUSJGNdwD2jo3cXL0iA==", + "dependencies": { + "@smithy/core": "^3.2.0", + "@smithy/middleware-serde": "^4.0.3", + "@smithy/node-config-provider": "^4.0.2", + "@smithy/shared-ini-file-loader": "^4.0.2", + "@smithy/types": "^4.2.0", + "@smithy/url-parser": "^4.0.2", + "@smithy/util-middleware": "^4.0.2", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@smithy/middleware-retry": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/@smithy/middleware-retry/-/middleware-retry-4.1.0.tgz", + "integrity": "sha512-2zAagd1s6hAaI/ap6SXi5T3dDwBOczOMCSkkYzktqN1+tzbk1GAsHNAdo/1uzxz3Ky02jvZQwbi/vmDA6z4Oyg==", + "dependencies": { + "@smithy/node-config-provider": "^4.0.2", + "@smithy/protocol-http": "^5.1.0", + "@smithy/service-error-classification": "^4.0.2", + "@smithy/smithy-client": "^4.2.0", + "@smithy/types": "^4.2.0", + "@smithy/util-middleware": "^4.0.2", + "@smithy/util-retry": "^4.0.2", + "tslib": "^2.6.2", + "uuid": "^9.0.1" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@smithy/middleware-serde": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/@smithy/middleware-serde/-/middleware-serde-4.0.3.tgz", + "integrity": "sha512-rfgDVrgLEVMmMn0BI8O+8OVr6vXzjV7HZj57l0QxslhzbvVfikZbVfBVthjLHqib4BW44QhcIgJpvebHlRaC9A==", + "dependencies": { + "@smithy/types": "^4.2.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@smithy/middleware-stack": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/@smithy/middleware-stack/-/middleware-stack-4.0.2.tgz", + "integrity": "sha512-eSPVcuJJGVYrFYu2hEq8g8WWdJav3sdrI4o2c6z/rjnYDd3xH9j9E7deZQCzFn4QvGPouLngH3dQ+QVTxv5bOQ==", + "dependencies": { + "@smithy/types": "^4.2.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@smithy/node-config-provider": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/@smithy/node-config-provider/-/node-config-provider-4.0.2.tgz", + "integrity": "sha512-WgCkILRZfJwJ4Da92a6t3ozN/zcvYyJGUTmfGbgS/FkCcoCjl7G4FJaCDN1ySdvLvemnQeo25FdkyMSTSwulsw==", + "dependencies": { + "@smithy/property-provider": "^4.0.2", + "@smithy/shared-ini-file-loader": "^4.0.2", + "@smithy/types": "^4.2.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@smithy/node-http-handler": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/@smithy/node-http-handler/-/node-http-handler-4.0.4.tgz", + "integrity": "sha512-/mdqabuAT3o/ihBGjL94PUbTSPSRJ0eeVTdgADzow0wRJ0rN4A27EOrtlK56MYiO1fDvlO3jVTCxQtQmK9dZ1g==", + "dependencies": { + "@smithy/abort-controller": "^4.0.2", + "@smithy/protocol-http": "^5.1.0", + "@smithy/querystring-builder": "^4.0.2", + "@smithy/types": "^4.2.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@smithy/property-provider": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/@smithy/property-provider/-/property-provider-4.0.2.tgz", + "integrity": "sha512-wNRoQC1uISOuNc2s4hkOYwYllmiyrvVXWMtq+TysNRVQaHm4yoafYQyjN/goYZS+QbYlPIbb/QRjaUZMuzwQ7A==", + "dependencies": { + "@smithy/types": "^4.2.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@smithy/protocol-http": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/@smithy/protocol-http/-/protocol-http-5.1.0.tgz", + "integrity": "sha512-KxAOL1nUNw2JTYrtviRRjEnykIDhxc84qMBzxvu1MUfQfHTuBlCG7PA6EdVwqpJjH7glw7FqQoFxUJSyBQgu7g==", + "dependencies": { + "@smithy/types": "^4.2.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@smithy/querystring-builder": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/@smithy/querystring-builder/-/querystring-builder-4.0.2.tgz", + "integrity": "sha512-NTOs0FwHw1vimmQM4ebh+wFQvOwkEf/kQL6bSM1Lock+Bv4I89B3hGYoUEPkmvYPkDKyp5UdXJYu+PoTQ3T31Q==", + "dependencies": { + "@smithy/types": "^4.2.0", + "@smithy/util-uri-escape": "^4.0.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@smithy/querystring-parser": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/@smithy/querystring-parser/-/querystring-parser-4.0.2.tgz", + "integrity": "sha512-v6w8wnmZcVXjfVLjxw8qF7OwESD9wnpjp0Dqry/Pod0/5vcEA3qxCr+BhbOHlxS8O+29eLpT3aagxXGwIoEk7Q==", + "dependencies": { + "@smithy/types": "^4.2.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@smithy/service-error-classification": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/@smithy/service-error-classification/-/service-error-classification-4.0.2.tgz", + "integrity": "sha512-LA86xeFpTKn270Hbkixqs5n73S+LVM0/VZco8dqd+JT75Dyx3Lcw/MraL7ybjmz786+160K8rPOmhsq0SocoJQ==", + "dependencies": { + "@smithy/types": "^4.2.0" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@smithy/shared-ini-file-loader": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/@smithy/shared-ini-file-loader/-/shared-ini-file-loader-4.0.2.tgz", + "integrity": "sha512-J9/gTWBGVuFZ01oVA6vdb4DAjf1XbDhK6sLsu3OS9qmLrS6KB5ygpeHiM3miIbj1qgSJ96GYszXFWv6ErJ8QEw==", + "dependencies": { + "@smithy/types": "^4.2.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@smithy/signature-v4": { + "version": "5.0.2", + "resolved": "https://registry.npmjs.org/@smithy/signature-v4/-/signature-v4-5.0.2.tgz", + "integrity": "sha512-Mz+mc7okA73Lyz8zQKJNyr7lIcHLiPYp0+oiqiMNc/t7/Kf2BENs5d63pEj7oPqdjaum6g0Fc8wC78dY1TgtXw==", + "dependencies": { + "@smithy/is-array-buffer": "^4.0.0", + "@smithy/protocol-http": "^5.1.0", + "@smithy/types": "^4.2.0", + "@smithy/util-hex-encoding": "^4.0.0", + "@smithy/util-middleware": "^4.0.2", + "@smithy/util-uri-escape": "^4.0.0", + "@smithy/util-utf8": "^4.0.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@smithy/smithy-client": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/@smithy/smithy-client/-/smithy-client-4.2.0.tgz", + "integrity": "sha512-Qs65/w30pWV7LSFAez9DKy0Koaoh3iHhpcpCCJ4waj/iqwsuSzJna2+vYwq46yBaqO5ZbP9TjUsATUNxrKeBdw==", + "dependencies": { + "@smithy/core": "^3.2.0", + "@smithy/middleware-endpoint": "^4.1.0", + "@smithy/middleware-stack": "^4.0.2", + "@smithy/protocol-http": "^5.1.0", + "@smithy/types": "^4.2.0", + "@smithy/util-stream": "^4.2.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@smithy/types": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/@smithy/types/-/types-4.2.0.tgz", + "integrity": "sha512-7eMk09zQKCO+E/ivsjQv+fDlOupcFUCSC/L2YUPgwhvowVGWbPQHjEFcmjt7QQ4ra5lyowS92SV53Zc6XD4+fg==", + "dependencies": { + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@smithy/url-parser": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/@smithy/url-parser/-/url-parser-4.0.2.tgz", + "integrity": "sha512-Bm8n3j2ScqnT+kJaClSVCMeiSenK6jVAzZCNewsYWuZtnBehEz4r2qP0riZySZVfzB+03XZHJeqfmJDkeeSLiQ==", + "dependencies": { + "@smithy/querystring-parser": "^4.0.2", + "@smithy/types": "^4.2.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@smithy/util-base64": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/@smithy/util-base64/-/util-base64-4.0.0.tgz", + "integrity": "sha512-CvHfCmO2mchox9kjrtzoHkWHxjHZzaFojLc8quxXY7WAAMAg43nuxwv95tATVgQFNDwd4M9S1qFzj40Ul41Kmg==", + "dependencies": { + "@smithy/util-buffer-from": "^4.0.0", + "@smithy/util-utf8": "^4.0.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@smithy/util-body-length-browser": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/@smithy/util-body-length-browser/-/util-body-length-browser-4.0.0.tgz", + "integrity": "sha512-sNi3DL0/k64/LO3A256M+m3CDdG6V7WKWHdAiBBMUN8S3hK3aMPhwnPik2A/a2ONN+9doY9UxaLfgqsIRg69QA==", + "dependencies": { + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@smithy/util-body-length-node": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/@smithy/util-body-length-node/-/util-body-length-node-4.0.0.tgz", + "integrity": "sha512-q0iDP3VsZzqJyje8xJWEJCNIu3lktUGVoSy1KB0UWym2CL1siV3artm+u1DFYTLejpsrdGyCSWBdGNjJzfDPjg==", + "dependencies": { + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@smithy/util-buffer-from": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-4.0.0.tgz", + "integrity": "sha512-9TOQ7781sZvddgO8nxueKi3+yGvkY35kotA0Y6BWRajAv8jjmigQ1sBwz0UX47pQMYXJPahSKEKYFgt+rXdcug==", + "dependencies": { + "@smithy/is-array-buffer": "^4.0.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@smithy/util-config-provider": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/@smithy/util-config-provider/-/util-config-provider-4.0.0.tgz", + "integrity": "sha512-L1RBVzLyfE8OXH+1hsJ8p+acNUSirQnWQ6/EgpchV88G6zGBTDPdXiiExei6Z1wR2RxYvxY/XLw6AMNCCt8H3w==", + "dependencies": { + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@smithy/util-defaults-mode-browser": { + "version": "4.0.8", + "resolved": "https://registry.npmjs.org/@smithy/util-defaults-mode-browser/-/util-defaults-mode-browser-4.0.8.tgz", + "integrity": "sha512-ZTypzBra+lI/LfTYZeop9UjoJhhGRTg3pxrNpfSTQLd3AJ37r2z4AXTKpq1rFXiiUIJsYyFgNJdjWRGP/cbBaQ==", + "dependencies": { + "@smithy/property-provider": "^4.0.2", + "@smithy/smithy-client": "^4.2.0", + "@smithy/types": "^4.2.0", + "bowser": "^2.11.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@smithy/util-defaults-mode-node": { + "version": "4.0.8", + "resolved": "https://registry.npmjs.org/@smithy/util-defaults-mode-node/-/util-defaults-mode-node-4.0.8.tgz", + "integrity": "sha512-Rgk0Jc/UDfRTzVthye/k2dDsz5Xxs9LZaKCNPgJTRyoyBoeiNCnHsYGOyu1PKN+sDyPnJzMOz22JbwxzBp9NNA==", + "dependencies": { + "@smithy/config-resolver": "^4.1.0", + "@smithy/credential-provider-imds": "^4.0.2", + "@smithy/node-config-provider": "^4.0.2", + "@smithy/property-provider": "^4.0.2", + "@smithy/smithy-client": "^4.2.0", + "@smithy/types": "^4.2.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@smithy/util-endpoints": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/@smithy/util-endpoints/-/util-endpoints-3.0.2.tgz", + "integrity": "sha512-6QSutU5ZyrpNbnd51zRTL7goojlcnuOB55+F9VBD+j8JpRY50IGamsjlycrmpn8PQkmJucFW8A0LSfXj7jjtLQ==", + "dependencies": { + "@smithy/node-config-provider": "^4.0.2", + "@smithy/types": "^4.2.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@smithy/util-hex-encoding": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/@smithy/util-hex-encoding/-/util-hex-encoding-4.0.0.tgz", + "integrity": "sha512-Yk5mLhHtfIgW2W2WQZWSg5kuMZCVbvhFmC7rV4IO2QqnZdbEFPmQnCcGMAX2z/8Qj3B9hYYNjZOhWym+RwhePw==", + "dependencies": { + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@smithy/util-middleware": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/@smithy/util-middleware/-/util-middleware-4.0.2.tgz", + "integrity": "sha512-6GDamTGLuBQVAEuQ4yDQ+ti/YINf/MEmIegrEeg7DdB/sld8BX1lqt9RRuIcABOhAGTA50bRbPzErez7SlDtDQ==", + "dependencies": { + "@smithy/types": "^4.2.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@smithy/util-retry": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/@smithy/util-retry/-/util-retry-4.0.2.tgz", + "integrity": "sha512-Qryc+QG+7BCpvjloFLQrmlSd0RsVRHejRXd78jNO3+oREueCjwG1CCEH1vduw/ZkM1U9TztwIKVIi3+8MJScGg==", + "dependencies": { + "@smithy/service-error-classification": "^4.0.2", + "@smithy/types": "^4.2.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@smithy/util-stream": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/@smithy/util-stream/-/util-stream-4.2.0.tgz", + "integrity": "sha512-Vj1TtwWnuWqdgQI6YTUF5hQ/0jmFiOYsc51CSMgj7QfyO+RF4EnT2HNjoviNlOOmgzgvf3f5yno+EiC4vrnaWQ==", + "dependencies": { + "@smithy/fetch-http-handler": "^5.0.2", + "@smithy/node-http-handler": "^4.0.4", + "@smithy/types": "^4.2.0", + "@smithy/util-base64": "^4.0.0", + "@smithy/util-buffer-from": "^4.0.0", + "@smithy/util-hex-encoding": "^4.0.0", + "@smithy/util-utf8": "^4.0.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@smithy/util-uri-escape": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/@smithy/util-uri-escape/-/util-uri-escape-4.0.0.tgz", + "integrity": "sha512-77yfbCbQMtgtTylO9itEAdpPXSog3ZxMe09AEhm0dU0NLTalV70ghDZFR+Nfi1C60jnJoh/Re4090/DuZh2Omg==", + "dependencies": { + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@smithy/util-utf8": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-4.0.0.tgz", + "integrity": "sha512-b+zebfKCfRdgNJDknHCob3O7FpeYQN6ZG6YLExMcasDHsCXlsXCEuiPZeLnJLpwa5dvPetGlnGCiMHuLwGvFow==", + "dependencies": { + "@smithy/util-buffer-from": "^4.0.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, "node_modules/@tsconfig/node10": { "version": "1.0.11", "resolved": "https://registry.npmjs.org/@tsconfig/node10/-/node10-1.0.11.tgz", @@ -1054,6 +2156,11 @@ "integrity": "sha512-9aEbYZ3TbYMznPdcdr3SmIrLXwC/AKZXQeCf9Pgao5CKb8CyHuEX5jzWPTkvregvhRJHcpRO6BFoGW9ycaOkYw==", "dev": true }, + "node_modules/@types/uuid": { + "version": "9.0.8", + "resolved": "https://registry.npmjs.org/@types/uuid/-/uuid-9.0.8.tgz", + "integrity": "sha512-jg+97EGIcY9AGHJJRaaPVgetKDsrTgbRjQ5Msgjh/DQKEFl0DtyRr/VCOyD1T2R1MNeWPK/u7JoGhlDZnKBAfA==" + }, "node_modules/@types/yargs": { "version": "17.0.33", "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-17.0.33.tgz", @@ -1643,12 +2750,27 @@ "node_modules/balanced-match": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", - "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==" + "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==", + "dev": true + }, + "node_modules/base64url": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/base64url/-/base64url-3.0.1.tgz", + "integrity": "sha512-ir1UPr3dkwexU7FdV8qBBbNDRUhMmIekYMFZfi+C/sLNnRESKPl23nB9b2pltqfOQNnGzsDdId90AEtG5tCx4A==", + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/bowser": { + "version": "2.11.0", + "resolved": "https://registry.npmjs.org/bowser/-/bowser-2.11.0.tgz", + "integrity": "sha512-AlcaJBi/pqqJBIQ8U9Mcpc9i8Aqxn88Skv5d+xBX006BY5u8N3mGLHa5Lgppa7L/HfwgwLgZ6NYs+Ag6uUmJRA==" }, "node_modules/brace-expansion": { "version": "1.1.11", "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", + "dev": true, "dependencies": { "balanced-match": "^1.0.0", "concat-map": "0.0.1" @@ -1869,7 +2991,8 @@ "node_modules/concat-map": { "version": "0.0.1", "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", - "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==" + "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==", + "dev": true }, "node_modules/constructs": { "version": "10.4.2", @@ -2134,6 +3257,27 @@ "integrity": "sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==", "dev": true }, + "node_modules/fast-xml-parser": { + "version": "4.4.1", + "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.4.1.tgz", + "integrity": "sha512-xkjOecfnKGkSsOwtZ5Pz7Us/T6mrbPQrq0nh+aCO5V9nk5NLWmasAHumTKjiPJPWANe+kAZ84Jc8ooJkzZ88Sw==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/NaturalIntelligence" + }, + { + "type": "paypal", + "url": "https://paypal.me/naturalintelligence" + } + ], + "dependencies": { + "strnum": "^1.0.5" + }, + "bin": { + "fxparser": "src/cli/cli.js" + } + }, "node_modules/fb-watchman": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/fb-watchman/-/fb-watchman-2.0.2.tgz", @@ -3296,6 +4440,7 @@ "version": "3.1.2", "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==", + "dev": true, "dependencies": { "brace-expansion": "^1.1.7" }, @@ -3637,6 +4782,7 @@ "version": "6.3.1", "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", + "dev": true, "bin": { "semver": "bin/semver.js" } @@ -3787,6 +4933,17 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/strnum": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/strnum/-/strnum-1.1.2.tgz", + "integrity": "sha512-vrN+B7DBIoTTZjnPNewwhx6cBA/H+IS7rfW68n7XxC1y7uoiGQBxaKzqucGUgavX15dJgiGztLJ8vxuEzwqBdA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/NaturalIntelligence" + } + ] + }, "node_modules/supports-color": { "version": "7.2.0", "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", @@ -3959,6 +5116,11 @@ } } }, + "node_modules/tslib": { + "version": "2.8.1", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.8.1.tgz", + "integrity": "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w==" + }, "node_modules/type-detect": { "version": "4.0.8", "resolved": "https://registry.npmjs.org/type-detect/-/type-detect-4.0.8.tgz", @@ -4029,6 +5191,18 @@ "browserslist": ">= 4.21.0" } }, + "node_modules/uuid": { + "version": "9.0.1", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz", + "integrity": "sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA==", + "funding": [ + "https://github.com/sponsors/broofa", + "https://github.com/sponsors/ctavan" + ], + "bin": { + "uuid": "dist/bin/uuid" + } + }, "node_modules/v8-compile-cache-lib": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/v8-compile-cache-lib/-/v8-compile-cache-lib-3.0.1.tgz", diff --git a/package.json b/package.json index 3ea7052d..64ed4835 100644 --- a/package.json +++ b/package.json @@ -25,6 +25,8 @@ "aws-cdk-lib": "^2.184.0", "constructs": "^10.3.0", "dotenv": "^16.4.5", - "source-map-support": "^0.5.21" + "source-map-support": "^0.5.21", + "@aws-sdk/client-secrets-manager": "^3.775.0", + "base64url": "^3.0.1" } } diff --git a/website/docs/Blueprints/Bitcoin-Core.md b/website/docs/Blueprints/Bitcoin-Core.md new file mode 100644 index 00000000..2f204f67 --- /dev/null +++ b/website/docs/Blueprints/Bitcoin-Core.md @@ -0,0 +1,8 @@ +--- +sidebar_label: Bitcoin Core +--- +# + +import Readme from '../../../lib/bitcoin-core/README.md'; + +