# Terraform for bluesky-social/atproto in AWS

## Prerequisites

- AWS CLI and SSO login
- Set up an AWS Organization and SSO login
- A registered domain
- Move out of the AWS SES sandbox (in the sandbox, SES only delivers to verified addresses, so the PDS could not e-mail new users)
- Create a DID on the PLC server (see Tips below)

## Requirements

| Name | Version |
|------|---------|
| aws | ~> 4.0 |

## Providers

| Name | Version |
|------|---------|
| aws | 4.58.0 |
| aws.virginia | 4.58.0 |
| template | 2.2.0 |

Note that the hashicorp/template provider is archived and has no builds for newer platforms; current Terraform can do the same job with the built-in `templatefile()` function.

## Modules

No modules.
## Usage

- Fork this repo.
- Run `cp terraform.tfvars.example terraform.tfvars`.
- Fill in the values in `terraform.tfvars`.
- Run `terraform plan` and, if there are no problems, `terraform apply`.
## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| admin_password | Admin password | `string` | n/a | yes |
| atproto_pds_container_repo_url | URL of the PDS container image | `string` | `"docker.io/kingyosun/atproto"` | no |
| atproto_pds_container_tag | Tag of the PDS container image | `string` | `"latest"` | no |
| available_user_domains | Domains users may register handles under; comma-separated for more than one | `string` | `".test,.dev.bsky.dev"` | no |
| aws_account_id | AWS account ID | `string` | n/a | yes |
| aws_region | AWS region | `string` | `"ap-northeast-1"` | no |
| aws_sso_role | AWS SSO Admin role | `string` | n/a | yes |
| database_name | Database name | `string` | `"atproto_pds"` | no |
| database_password | Database password | `string` | `"chinpokopon"` | no |
| database_username | Database username | `string` | `"admin"` | no |
| did_plc_server_url | PLC server URL | `string` | `"https://plc.directory"` | no |
| ecs_log_retention_in_days | ECS log retention in days | `number` | `90` | no |
| host_domain | Domain of the PDS | `string` | `"localhost"` | no |
| invite_required | `true` if an invite code is required to sign up | `string` | `"true"` | no |
| user_invite_interval | Interval between invite code issuance, in milliseconds (604800000 ms = 7 days) | `number` | `604800000` | no |
| jwt_secret | n/a | `string` | n/a | yes |
| kms_recovery_key_alias | KMS alias of the recovery key | `string` | `"alias/atproto/pds/recovery_key"` | no |
| kms_signing_key_alias | KMS alias of the signing key | `string` | `"alias/atproto/pds/signing_key"` | no |
| log_level | pino log level | `string` | `"info"` | no |
| pds_version | Version of the PDS container | `string` | `"0.0.0"` | no |
| repo_signing_key | Repository signing key (raw) | `string` | n/a | yes |
| s3_bucket_name | S3 bucket name | `string` | `"atproto-pds"` | no |
| server_did | DID of the server (admin); create it on the PLC server beforehand | `string` | n/a | yes |
| ses_smtp_key_id | Access key ID for the SMTP server | `string` | n/a | yes |
| ses_smtp_password_v4 | Password (SigV4) for the SMTP server | `string` | n/a | yes |
| ssm_parameter_store_base | Base path for SSM parameters | `string` | `"/atproto/pds"` | no |
| hive_api_key | API key of HiveLabeler | `string` | n/a | yes |
| labeler_did | DID of HiveLabeler | `string` | n/a | yes |
| moderator_password | Moderator password | `string` | n/a | yes |

The defaults for `database_password`, `database_username` and the other credentials are placeholders, not production values: set your own in `terraform.tfvars`. That file then holds `admin_password`, `jwt_secret`, `repo_signing_key`, the SES SMTP credentials and the labeler key, so keep it (and the Terraform state, which contains the same values) out of version control.
## Outputs

| Name | Description |
|------|-------------|
| aws_iam_access_key_smtp | n/a |
| aws_iam_secret_smtp | n/a |
| aws_iam_smtp_password_v4 | n/a |

These outputs are the IAM access key, secret and derived SigV4 SMTP password for sending mail through SES, which appear to be what `ses_smtp_key_id` and `ses_smtp_password_v4` expect. Read them with `terraform output -raw <name>` rather than pasting `terraform output` into tickets or CI logs.
## Tips

Generate `repo_signing_key`:

```sh
$ openssl ecparam -genkey -name secp256k1 -out repo_signing_key.pem
$ openssl ec -in repo_signing_key.pem -text -noout
```

The `priv:` block in the output is the raw private key as colon-separated hex bytes (strip the colons, and the leading `00` byte if OpenSSL printed one). Keep the `.pem` file out of the repo.

Create a DID in https://plc.directory

_I need a more efficient method!_

- Fork bluesky-social/atproto.
- Add the code below to `packages/dev-env/src/index.ts`, filling in `ADMIN_USER_NAME` and `DOMAIN`. It needs `import * as cbor from '@ipld/dag-cbor'` and `import * as uint8arrays from 'uint8arrays'`.

```ts
import * as crypto from '@atproto/crypto' // add if the file does not import it already
import * as cbor from '@ipld/dag-cbor'
import * as uint8arrays from 'uint8arrays'

const ADMIN_USER_NAME = 'admin'  // placeholder: your admin account name
const DOMAIN = 'pds.example.com' // placeholder: the PDS host_domain

const keypair = await crypto.EcdsaKeypair.create()
const keyDid = keypair.did()
console.log(`signingKey: ${keyDid}`)
console.log(`recoveryKey: ${keyDid}`)
// Legacy did:plc "create" operation; the same key serves as signing and recovery key
const obj = {
  type: 'create',
  signingKey: keyDid,
  recoveryKey: keyDid,
  handle: `${ADMIN_USER_NAME}.${DOMAIN}`,
  service: `https://${DOMAIN}`,
  prev: null,
}
// The signature is over the DAG-CBOR encoding of the unsigned operation
const data = new Uint8Array(cbor.encode(obj))
console.log(
  `sig: ${uint8arrays.toString(await keypair.sign(data), 'base64url')}`,
)
```

- Run `make build` and `make run-dev-env`; the console prints `signingKey`, `recoveryKey` and `sig`.
- Run the following, substituting the printed values (`random_string` can be anything on the first attempt). The field values must be exactly the ones that were signed, so `service` includes the `https://` prefix:

```sh
curl -X POST -H "Content-Type: application/json" \
  -d '{"type":"create","signingKey":"${signingKey}","recoveryKey":"${recoveryKey}","handle":"${handle}","service":"${service}","prev":null,"sig":"${sig}"}' \
  https://plc.directory/did:plc:${random_string}
```

- The server answers with `Hash of genesis operation does not match DID identifier: did:plc:${DID_HASH}`.
- Replace `random_string` in the previous step with `DID_HASH` and run it again. The DID `did:plc:${DID_HASH}` is now registered in https://plc.directory.