This repository provides Infrastructure-As-Code (IAC) for installing Gasolina on AWS via CDK.
- Bootstraps CDK
- Creates a VPC
- Uploads providers to S3
- Setup a CloudWatch log group
- Deploys the Gasolina API app on ECS
- Sets up load balancer on Fargate in the VPC private subnet
- Sets up API Gateway to route to the Gasolina API (we don't expose the load balancer directly, API Gateway offers TLS without the need for a certificate)
- Authenticate with AWS CLI with a valid method: https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-authentication.html
-
If you want to use your own mnemonics you can configure a mnemonic per signer in the Gasolina API. Go to Secret Manager in AWS store and create a new secret for mnemonics and path.
- You want to store the secret as key-value pair. For a single secret:
- For the mnemonic use the key: LAYERZERO_WALLET_MNEMONIC
- For the PATH use the key: LAYERZERO_WALLET_PATH
-
If you want to use AWS KMS (backed by HSM), you can set this in your config and all key creation and registration into the application is done for you.
-
In the root directory of the project, run
yarn
to install all dependencies.
- Bootstrap CDK if this is your first time using CDK in the AWS account. In
cdk/gasolina/
run:
cdk bootstrap
- In
cdk/gasolina/config/index.ts
in the CONFIG object:- Configure the AWS account number for the key of the object.
projectName
: Your unique project name (this is used for your s3 bucket which needs to be globally unique on AWS)environment
: The environment your API will be pointing to on layerzero (mainnet/testnet)availableChainNames
: The chains your Gasolina app supports in comma seperated format e.g.ethereum,bsc,avalanche
signerType
: EitherMNEMONIC
if you are using mnemonics stored in secret manager orKMS
if you want CDK to set up asymmetric keys backed by HSM for you and register these keys into the Gasolina app.- If
MNEMONIC
, the number of signers registered will be based on your wallet definitions inwalletConfig/<environment>.json
- If
KMS
, you can optionally setkmsNumOfSigners
in CONFIG. This value will create and register multiple keys into the same api
- If
- In
cdk/gasolina/config/providers/<environment>/providers.json
- Configure all the RPC providers that you listed for the
availableChainNames
in the previous step.
- Configure all the RPC providers that you listed for the
- In
cdk/gasolina/config/walletConfig/<environment>.json
- Under
definitions
, add a Wallet Definition per Signer in Gasolina API that you registered in Secret Manager in the pre-requisites step.- Configure the
address
of the signer - Configure the
secretName
of that signer. This is used by the application to fetch the mnemonics when it needs to sign the payload
- Configure the
- Under
You can enhance message verification by adding your own custom rules.
To implement this, setup an API that would be called by gasolina whenever a message is received. The API will receive the complete context of the message, including additional onchain data, and will return a boolean value indicating whether the message can be signed.
API Input:
{
sentEvent: { // PacketSent event, emitted from the Endpoint contract
lzMessageId: {
pathwayId: {
srcEid: number // Soure chain eid (https://github.com/LayerZero-Labs/LayerZero-v2/blob/main/packages/layerzero-v2/evm/protocol/contracts/EndpointV2.sol#L23)
dstEid: number
sender: string // Sender oapp address on source chain
receiver: string // Receiver oapp address on destination chain
srcChainName: string // Source Chain Name
dstChainName: string // Destination Chain Name
}
nonce: number
ulnSendVersion: UlnVersion
}
guid: string // onchain guid
message: string
options: {
// Adapter Params set on the source transaction
lzReceive?: {
gas: string
value: string
}
nativeDrop?: {
amount: string
receiver: string
}[]
compose?: {
index: number
gas: string
value: string
}[]
ordered?: boolean
}
payload?: string
sendLibrary?: string
onChainEvent: { // Transaction on the source chain
chainName: string
txHash: string
blockHash: string
blockNumber: number
}
}
from: string // Address of the sender
}
API Output:
- The API is expected to return a boolean value indicating whether the message can be signed.
Setup:
- In
cdk/gasolina/config/index.ts
in the CONFIG object:- Set
extraContextGasolinaUrl
to the URL of your API
- Set
Setup infrastructure and deploy the Gasolina application.
In cdk/gasolina/
run:
cdk deploy
After the deployment is done, in the stdout you will see Oracle.ApiGatewayUrl = <URL>
. Send this URL over to LayerZeroLabs.
Make an HTTP GET request to the ApiGatewayUrl at the following endpoint:
curl https://<ApiGatewayUrl>/signer-info?chainName=ethereum
If successful, you should see the signers registered on Gasolina API.
To test the API against a sample message, in the root directory run:
ts-node scripts/testDeployment -u <ApiGatewayUrl> -e <environment>
- A successful response will look like:
--- [200] Successful request ---
Response: {
signatures: [
{
signature: '<signature>',
address: '<address>'
},
{
signature: '<signature>',
address: '<address>'
}
]
}
Depending on the environment (i.e testnet/mainnet), fill in the appropriate information regarding DVN addresses and KMS key ids in the scripts/configChangePayloads/data
folder. The file names should be dvn-addresses-<environment>.json
and kms-keyids-<environment>.json
respectively. Take a look at existing testnet examples in the scripts/configChangePayloads/data
folder to see how they need to be filled.
ts-node scripts/configChangePayloads/createSetQuorumSignatures.ts -e <environment> -c <comma-separated-chain-names> --oldQuorum <number> --newQuorum <number>
# e.g. ts-node scripts/configChangePayloads/createSetQuorumSignatures.ts -e testnet -c bsc,avalanche,fantom --oldQuorum 2 --newQuorum 1
When adding a signer, you need to set --shouldRevoke
arg as 0, when removing, you need to set it as 1.
ts-node scripts/configChangePayloads/createSetQuorumSignatures.ts -e <environment> -c <comma-separated-chain-names> --q <quorum> --signerAddress <string> --shouldRevoke <0 or 1>
# e.g. ts-node scripts/configChangePayloads/createAddOrRemoveSignerSignatures.ts -e testnet -c bsc,avalanche,fantom -q 1 --signerAddress 0x85e4857b7f15bbbbbc72d933a6357d3c22a0bbc7 --shouldRevoke 1
- Some resources have deletion projection policies. You will need to delete these resources before you can redeploy:
- the CloudWatch log group:
GasolinaMetricLogGroup
- the S3 bucket:
providerconfigs-<projectName>-<environment>-gasolina
- the CloudWatch log group: