Own full node wallet in Amazon Clouds, open source, fully automatic, with start of server in reaction for outgoing transaction, sent from the service such as IFTTT.
** commit from the first of August ** The text below is not very relevant, because the project has progress with sending transactions from Lambda* functions, directly to the bitcoin network, using the ip addresses of the servers which were previously connected to the common full node server.
Module Duo Mobile Security also adapted for work from Lambda, so starting the server for each transaction not necessary.
* AWS Lambda is a compute service that runs your code in response to events
Now you can add "fast wallet", and put some money to them from "classic server wallet", which can be turned on later when you want to check incoming balance.
It is still own full node, but it use advanced cloud technology to increasing the speed of operations and decreasing resource consumption.
Also with new AWS service "API gateway", in combination with Lambda Functions, it is possible subscribes to real-time apis of some social services, without any servers and almost free.
For example, you can connect own installed facebook application on own cloud resources through real-time api.
This allows to send a transaction between two connected facebook pages:
https://www.facebook.com/walletinclouds
http://aws.amazon.com/api-gateway
Now presented only Amazon Clouds, but elements can be combined or expanded from analogs on another clouds, if such exist or when they will be.
Hello.
I create an open source system, built using Amazon Compute Cloud API and their services.
Now it's more or less works, link to the repository at the end of this text, and I'm interested in feedback in early stage.
It includes one fully automated script to integrate the system in your AWS account, which you can run from your computer.
In general, you will have your own full bitcoin node, but the server will start on a reaction to the outgoing transaction, and most of the time can be switched off.
Each time for the first transaction in an hour will start a new server with default OS, with all closed ports, including 22 ssh,
excluding 8333 with smart control of traffic cost, and with private ssh key that not stored anywhere.
After starting the server, AWS Lamba scripts will mount EBS storage with your wallet and your copy of blockchain to the new server. (
http://aws.amazon.com/lambda)
At the end of each billing hour, server will be automatically shutdown, if no active transactions.
The system runs on
EC2 spot servers, which is usually several times cheaper then common servers, now it near 0.009$/hour in the US regions (m3.medium with 4GbRam,
[upd] you can change it in config file.
http://aws.amazon.com/ec2/purchasing-options/spot-instances).
The price of the server may be increased depending on the load on the cloud (
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-spot-instances-history.html).
The server has a communication with the outside world only through the Amazon Simple Notification Service, Amazon Simple Queue Service, and authentification services like DUO mobile, which can be connected like modules.
Speaking in simple language - EC2 servers have excellent external firewall which call "Security Groups", with control by api without connecting to the server.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.htmlIf you use only "fast Lambda wallet", you will pay only for Elastic Block Storage with your copy of blockchain:
50GB of blockchain + 10GB extra = 60GB * 0.05$ GB/month for magnetic hard disk in N. Virginia region = 3$/month
For new users 30GB/month of them during the first year will be free:
http://aws.amazon.com/free.
The Lambda functions free tier includes 1M free requests per month.The system uses the Amazon Simple Notification Service, as a simple interface endpoint for outgoing transactions, and AWS lambda functions for managing the transactions and prepare the server. (
http://aws.amazon.com/sns/)
I connect to them via
zapier.com and can send commands from a lot of social services. You can create a lot of variants of schemes.
I hope when this will be finished, other services like IFTTT will also support the SNS, because in zapier you need premium account.
Now with "AWS API Gateway" and "Webhooks by Zapier" in some cases premium account is no needed.After you import this system into your AWS account, you will have few streams to operate your wallet:
https://s3.amazonaws.com/bitforumscreenshots/second_ed.png1) SNS stream for outgoing transactions.
After connection with services like zapier you can send simple command from any source: email, sms, trello or any you want.
The command such as:
18ozPxUtzyKgFGZ94PTxZUDfpiCqCzdwYm 1.764236
I'm use Trello, and create a new card in a special board for the new outgoing transactions.
https://s3.amazonaws.com/bitforumscreenshots/first.pngAlso possible add outgoing stream, based on S3 automatically uploaded files. If you know some services which allow it, please write a comment.
2) multi-factor transactions authentification.
I'm doing a modular system with the ability to connect a few different or identical services running in series or in parallel.
Now it's 2 modules that are executed in parallel:
- Built-in system based on SNS and SQS streams: you receive a message with the random code and should send answer with the confirmation. Sources you connect in zapier: email, sms and other.
- Duo security with push authentication requests for mobile:
https://www.duosecurity.com/product/methods/duo-mobileIn combination of sms and sns authorization, you can control the wallet without an internet connection.
It is possible to restrict access to SNS streams, and this allows to receive payment requests from untrusted applications.
3) Status stream.
The stream which will be receive status of transactions and of server.
Plans and what in the process:
1) Create a simple application for entering a password and pin code.
You can get a link such as "
https://54.140.50.120:random_port/unique_string", via sms from AWS for example.
Each session will have different ip, port can be open only during the authorization for a limited time, for example 60 seconds.
Now password protected wallets are not supported.
2) Add stream to check the balance, get a new addresses and QR codes from the wallet. It can be run without starting the server.
3)
Open port 8333 optional.
Port opened.
You can set how much you can spend for traffic per month.
Each time when the server is starting, system checking traffic bill.
If it not exceed the limit, system will check increased or decreased the number of full nodes in the world lately, using http://getaddr.bitnodes.io, and if it decreased - opens the incomming port.
4) Automatically change the size of the hard drive, when a blockchain becomes larger.
5) Change DynamoDB table to table based on S3 files. DynamoDB not neccesary and is several times more expensive then other services all together.
6) Fast Lambda Wallet in progress. The server save IPs of connected nodes. Lambda functions using this IPs to send raw transactions.
Like I'm read in the docs, this functions ready to execute the code within 100ms after the occurrence event.
Thanks to the "bitcore" javascript library -
http://bitcore.ioScripts for integration in AWS account in progress.
7) Direct integration with social services. https://www.facebook.com/walletincloudsScripts for integration in AWS account in progress.
8 ) "Fast server setup" in progress. Each time you can use different configuration with your node. This can be used for first blockchain synchronization.
On the server with 16 or 40 CPUs and syncing all blockchain in RAM memory, the whole cycle takes 3.5 hours.
After server start, daemon was connected to the 500 servers from biggest data centers, taken from current snapshot of getaddr.bitnodes.io
9) Add other clouds.
This PRE-ALFA VERSION, NOT STABLE AND NOT TESTED, DON'T USE IT NOW, if you are not an nodejs and AWS expert.
If you have this knowledge, you can test it on a very small wallet and empty AWS account, and you must be absolutely sure that you will do.
Only for tests, please be very careful.
https://github.com/emotional-engineering/cloud-castleIf it can be useful, I will be happy to give ownership of the repository to any organization for the code control in the master branch.
Maybe there are ways to make a secure repository.
It may be better to use BitBucket, and make push to master branch after a few people approve changes.
I alone can't do it, I don't have the relevant experience and you have no reason to trust my code, so without doing the above items
this not secure and can't be used.
It is important to know that if your wallet is not password protected, security will consists from the safety of your AWS account.
Having access to it can be easily to mount EBS storage with wallet to new not protected virtual machine.
This can be useful:
http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingMFA.htmlAlso, this can be avoided by using the common instances and disk encryption.
Any advices, issues or commits are welcome.
Also welcome any donations: 17GoS8cWoCmZMmGkW9SguGtUWMzekkYHDo
