Skip to content
Simple deployment of a P-Rep node for the ICON Blockchain
HCL Shell
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
{{ cookiecutter.environment }}


Scaffolding tool to automatically generate the neccesary files you need to run a one-click deployment of a P-Rep and Citizen nodes for the ICON Blockchain.

Requires AWS account with proper permissions.


  • Cookiecutter
    • pip install cookiecutter
  • Ansible
    • pip install ansible
  • Terraform
    • We suggest using tfswitch
      • Requires installing Go
    • Otherwise here are some options
      • Windows
        • Install chocolatey
        • From command prompt run choco install terraform
      • Mac
        • Install brew
        • brew install terraform
      • Linux
        • Figure it out
  • Terragrunt
    • We suggest using tgswitch)
    • Install from source
    • Install
      • Windows
        • choco install terragrunt
      • Mac
        • brew install terragrunt


  • Run cookiecutter
  • Enter options - You can save your options in a yaml file as documented below
  • Export these keys
    • AWS_ACCESS_KEY_ID – Specifies an AWS access key associated with an IAM user or role.
    • AWS_SECRET_ACCESS_KEY – Specifies the secret key associated with the access key. This is essentially the "password" for the access key.
    • If you are using keys with aws profile, export the profile - export AWS_PROFILE=profile
  • Ensure the IAM user provided has the AdministratorAccess role and no other policies are applied that explicitly deny


  • Run cd <env> && chmod +x && ./
    • Might need to nudge it along by running terragrunt from within the directories or running apply twice
    • Sometimes there are errors with the content delivery system and various API calls
  • Run chmod +x && ./ to destroy the resources

Saving Config Values

It can be easier to set defaults in a yaml configuration file like this,

    environment: "dev"
    region: "us-east-1"
    account_id: "987654321012"
    corporate_ip: ""
    local_public_key: "full/path/to/.ssh/"
    local_private_key: "full/path/to/.ssh/id_rsa"
    keystore_path: "full/path/to/keystore"
    keystore_password: "scarystuff"

Then you just need to run cookiecutter like so,

cookiecutter --config-file=context.yaml

To suppress input run with additional flag --no-input flag:

cookiecutter --config-file=context.yaml --no-input


  • Places where hard-codes exist
    • logging bucket - ok
    • global reference
      • Need to deal with this somehow
      • This is best practice to put IAM and other globally scoped resources in their own folder
      • This obviously is going to cause a lot of issues
You can’t perform that action at this time.