New Kovan Validator: AWS Node Deployment

Install aws cli and ansible modules on control machine

  1. check if you have aws cli installed
aws --version

if not - install it following these instructions. The simplest way is to use pip:

pip install awscli --upgrade --user

Mac systems with homebrew installed:

brew install awscli
  1. Also, use pip to install the following python packages required by ansible:
sudo pip install boto
sudo pip install boto3

Configuring AWS account

Minimum node recommendations:
* Size: t3.medium, a larger instance is preferable.
* Storage: SSD rather than HDD (see here for more information).

  1. Register (if you haven’t already) and login to the AWS management console:

  2. to create credentials for cli, open IAM home, select “Users” on the left hand side navigation bar and then click “Add user”. Pick a username, and check “Programmatic access” for “Access type”. NOTE: For clarity we recommend using identical usernames on your Ansible Control Station and your remote node. For example, one can create a user named “ubuntu” on both your Ansible Control Station and your remote note.

  3. Click “Next: Permissions” - you can choose any of the available options, and “Attach existing policies directly” is the simplest one. In the list of policy types, search for and then check “AmazonEC2FullAccess”. Click “Next:Review”. Review your account and click “Create user” to proceed.

  4. it is very important that you copy “Access Key ID” and “Secret Access Key” without leaving this page, because there is no other way to retrieve “Secret Access Key” later and you will have to start again and create another user. After copying this important information, select “Close”.

  5. after you’ve copied and saved your AWS secret keys, the next step is to upload your SSH public key. In the top left corner of the page select “Services -> EC2”. On the left sidebar select “Network & Security” -> “Key Pairs”. Click “Import Key Pair”. Give a name to this keypair, otherwise base name of the file will be used (by default id_rsa). Browse your Ansible Control Station file system for the public key.

  6. configure aws cli:

aws configure

provide your credentials (Access Key ID and Secret Access Key) from earlier. Choose a region for your account (e.g. us-east-2) and output format (json is recommended).

  1. check that keypair was correctly imported:
aws ec2 describe-key-pairs

you should see your keypair name in the list.

  1. choose available aws VPC and Subnet. Run this command to list subnets
aws ec2 describe-subnets

select any subnet with "State": "available" and non-zero AvailableIpAddressCount. You need to note SubnetId and VpcId of this subnet for later use.

  1. clone repository with ansible playbooks and checkout branch corresponding to Kovan:
git clone
cd deployment-playbooks
git checkout kovan
  1. go to aws folder
cd aws
  1. create configuration file
cp group_vars/all.yml.example group_vars/all.yml
  1. edit this file in your favorite text editor (e.g. nano)
nano group_vars/all.yml

and provide the following configuration parameters

access_key: "your aws access key"
secret_key: "your aws secret key"

awskeypair_name: "aws keypair name"
region: "us-east-1" # you can choose a different region
vpc_id: "your VpcId"
vpc_subnet_id: "your SubnetId"

leave other parameters unchanged

  1. run the playbook (run from the aws folder)
 ansible-playbook validator.yml --private-key ~/.ssh/id_rsa

If the path to your private key is different, use that instead of ~/.ssh/id_rsa. If successful, you should see a successful play recap.

  1. open aws console, go to ec2 instances and check that new instance is created, note it’s IP address for later use.

  2. Next you must run a second Ansible playbook from the root directory to complete the setup - Return to step III. Ansible Playbook Configuration in Kovan Node setup instructions


[WARNING] provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match ‘all’.

Make sure you are in the aws subdirectory when running the playbook (step 13).

Syntax error while loading YAML

Check that variables are tabbed properly

[ami-XXX] does not exist.

ami is tied to the aws region your chose, ie east-region-2. To find the ami, go to the ec2 console at us-east-1 region, find the AMI tab and enter the current AMI. It will show you something similar to ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-20180205 which is the AMI name. Go to your region and enter the name at the same search string. Copy the AMI id from the output.

1 Like