
Amazon Server Setup Guide

By default, MindLogger response data are end-to-end encrypted and stored on the non-profit Child Mind Institute’s AWS account. We provide instructions below for owners of MindLogger applets who need to have all response data from their applets stored on their own AWS account’s server. If this situation applies to you, please contact [email protected] before continuing with the instructions below.

Contents

  • Information MindLogger developers will need to set up your AWS server connection
  • Set up AWS server
    • Create AWS S3 bucket
    • Create AWS user
    • Create AWS EC2 instance
    • Allow MongoDB external port
    • Set up MongoDB with yum (recommended way)
    • Set up MongoDB with Docker (not recommended)
      • Create MindLogger database in EC2 instance
      • Reset database username and password
      • Appendix: How the AWS ECR public repository was built



Information MindLogger developers will need to set up your server connection

Routing encrypted data collected from the MindLogger app to your AWS server requires initial setup assistance from MindLogger developers. If you follow the instructions in this guide, you will be able to provide them with the following required information to connect your server:

  • AWS variables to access your MindLogger Docker container:
    • MindLogger account owner email address
    • MongoDB database name (if changed from “mindlogger” in step 35)
    • Database username (if changed from “mindlogger” in step 36)
    • Database password (step 36)
    • Database port (if different than the default 27017)
    • Public IP address for your MindLogger EC2 instance (step 27)
  • AWS variables to access your MindLogger S3 storage bucket (for media files):
    • Storage bucket name (if changed from “my-mindlogger-bucket” in steps 11 and 16)
    • Access key (step 8)
    • Secret access key (step 8)





Set up AWS server

Create AWS S3 bucket

This section will guide you through creating a new AWS S3 bucket for (optional) media files collected by your MindLogger applets.

  • Enter “s3” in the search box at top and select “Buckets” under “S3”:

    step14-search-s3


  • In the Buckets page, tap the orange “Create bucket” button:

    step15-buckets


  • Enter “my-mindlogger-bucket” into the Bucket name field and make it unique by appending your company name or the project name.

  • Select the AWS Region closest to you

  • Tap the orange “Create bucket” button at the bottom (not visible in the screenshot):

    step16-create-bucket


  • You can now see the my-mindlogger-bucket in the list of S3 buckets:

    step17-buckets





Create AWS user

You do not want to share information about a user with root access to your AWS account with MindLogger developers or anyone else! The following instructions will guide you through setting up a new AWS user with restricted access to a new S3 bucket for (optional) media files collected by your MindLogger applets.

  • Sign in to https://aws.amazon.com/:

    step1-aws-sign-in


  • Enter “IAM” in the search box at top and select “Users” under “IAM”:

    step2-iam-users


  • In the IAM > Users screen, tap the blue “Add users” button:

    step3-users


  • In the “Add user” screen #1:

    • Enter “mindlogger-user” as the User name

    • Select Access key credential type

    • Tap the blue “Next: Permissions” button at the bottom

    step4-add-user-1


  • In the “Add user” screen #2, tap the blue “Next: Tags” button:

    step5-add-user-2


  • In the “Add user” screen #3, tap the blue “Next: Review” button:

    step6-add-user-3


  • In the “Add user” screen #4, tap the blue “Create user” button:

    step7-add-user-4


  • In the “Add user” screen #5 (screenshot below), download the .csv table

    *** SHARE THIS INFORMATION ONLY WITH MINDLOGGER ADMINISTRATORS ***

    [see top]

    The file contains:

    • the Access key ID for the new user

    • the Secret access key for the new user

  • Tap the “Close” button

    step8-add-user-5


  • You will then be taken to the IAM > Users screen with the new mindlogger-user

  • Tap “mindlogger-user”

    step9-users


  • Tap the “Add inline policy” link on the right:

    step10-mindlogger-user


  • Copy/paste the text below into the “Create policy” page “JSON” tab (ref [1] and [2])

  • Tap the blue “Review policy” button:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "s3:ListBucket"
                ],
                "Resource": [
                    "arn:aws:s3:::my-mindlogger-bucket"
                ]
            },
            {
                "Effect": "Allow",
                "Action": [
                    "s3:PutObject",
                    "s3:GetObject",
                    "s3:DeleteObject"
                ],
                "Resource": [
                    "arn:aws:s3:::my-mindlogger-bucket/*"
                ]
            }
        ]
    }
    
    step11-create-policy


    Replace my-mindlogger-bucket in both Resource entries with your bucket name.

  • Enter “mindlogger-user-policy” in the Name field

  • Tap the blue “Create policy” button:

    step12-review-policy


  • You will then be taken to the IAM > Users screen with the new mindlogger-user and mindlogger-user-policy:

    step13-mindlogger-user-with-policy
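
A check for the inline policy above, written as an added example and not MindLogger's own code: once the bucket name is substituted, both Resource ARNs must name the same bucket, with s3:ListBucket on the bucket ARN and the object actions on the /* ARN. The names audit_policy, guide_policy and my-mindlogger-bucket-acme are assumptions made for illustration.

```python
import json

# Action sets granted by the guide's inline policy, grouped by the ARN form each needs.
BUCKET_ACTIONS = {"s3:ListBucket"}                                    # bucket ARN
OBJECT_ACTIONS = {"s3:PutObject", "s3:GetObject", "s3:DeleteObject"}  # bucket ARN + "/*"

def as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    return [value] if isinstance(value, (str, dict)) else list(value)

def audit_policy(policy_json, bucket):
    """Return findings; an empty list means the policy is scoped as in the guide."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    object_arn = bucket_arn + "/*"
    findings = []
    for i, stmt in enumerate(as_list(json.loads(policy_json)["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = set(as_list(stmt.get("Action", [])))
        resources = set(as_list(stmt.get("Resource", [])))
        for action in sorted(actions):
            if "*" in action:
                findings.append(f"statement {i}: wildcard action {action}")
            elif action not in BUCKET_ACTIONS | OBJECT_ACTIONS:
                findings.append(f"statement {i}: {action} is not in the guide's policy")
        for res in sorted(resources - {bucket_arn, object_arn}):
            findings.append(f"statement {i}: {res} is outside bucket {bucket}")
        if actions & BUCKET_ACTIONS and bucket_arn not in resources:
            findings.append(f"statement {i}: s3:ListBucket needs {bucket_arn}")
        if actions & OBJECT_ACTIONS and object_arn not in resources:
            findings.append(f"statement {i}: object actions need {object_arn}")
    return findings

def guide_policy(list_bucket, object_bucket):
    """Build the guide's policy JSON with the two bucket names filled in (constructed input)."""
    return json.dumps({"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:ListBucket"],
         "Resource": [f"arn:aws:s3:::{list_bucket}"]},
        {"Effect": "Allow", "Action": sorted(OBJECT_ACTIONS),
         "Resource": [f"arn:aws:s3:::{object_bucket}/*"]}]})

if __name__ == "__main__":
    # Constructed case: the bucket name was changed in only one of the two ARNs.
    half_renamed = guide_policy("my-mindlogger-bucket", "my-mindlogger-bucket-acme")
    for finding in audit_policy(half_renamed, "my-mindlogger-bucket-acme"):
        print(finding)
```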





Create AWS EC2 instance

Your MindLogger database needs to be set up somewhere to store the response data collected by your MindLogger applets. This section will guide you to create a new AWS Linux 2 instance.

  • Enter “ec2” in the search box at top and select “Instances” under “EC2”:

    step18-search-ec2


  • In the Instances page, tap the orange “Launch instances” button:

    step19-ec2-instances


  • Enter “mindlogger-instance” in the Name field

  • If you tap the orange “Launch instance” button…

    step20-launch-instance-1


  • …it will alert you that you need a Key pair name

  • Tap on the “Create new key pair” link:

    step21-launch-instance-2


  • Enter “mindlogger-key-pair” in the Name field

  • Tap the orange “Create key pair” button:

    step22-launch-instance-3-create-key-pair


  • Tap the orange “Launch instance” button:

    step23-launch-instance-4


  • It should then confirm you have successfully initiated launch of the new instance

  • Tap the orange “View all instances” button:

    step24-launch-instance-5


  • You should see mindlogger-instance in the list of EC2 instances (you might need to wait and refresh the Instances page):

    step25-instances





Allow MongoDB external port

To reach the MongoDB instance from the internet, you will need to open an external port.

  • Go to EC2 instances, scroll to the right and notice the security group name - it’s launch-wizard-1.
locate security group name


  • Click Security groups in the sidebar. Locate the security group with the name from the previous step and click its checkbox. In the bottom menu, switch to the Inbound rules tab and click Edit inbound rules.
edit inbound rules


  • Click Add rule and enter Port range: 27017-27020. In the source enter 0.0.0.0/0. Click Save rules.
add inbound rule
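
With source 0.0.0.0/0, ports 27017-27020 are reachable from any address, so the database credentials created in the next section are the only barrier in front of MongoDB. The following added example (not part of the original guide) lists such rules from `aws ec2 describe-security-groups` output; the sample JSON and the group ID sg-EXAMPLE are constructed.

```python
import json

MONGO_PORTS = range(27017, 27021)      # 27017-27020, the range opened in the step above
ANY_SOURCE = {"0.0.0.0/0", "::/0"}     # IPv4 and IPv6 "anywhere"

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.dumps({"SecurityGroups": [{
    "GroupName": "launch-wizard-1", "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 27017, "ToPort": 27020,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ]}]})

def covers_mongo(rule):
    """True if the inbound rule admits traffic to any MongoDB port."""
    if rule.get("IpProtocol") == "-1":  # "-1" means all protocols and all ports
        return True
    if rule.get("IpProtocol") != "tcp":
        return False
    lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
    return any(lo <= port <= hi for port in MONGO_PORTS)

def world_open_mongo_rules(describe_json):
    """Return (group name, ports, cidr) for each rule exposing MongoDB to any address."""
    hits = []
    for group in json.loads(describe_json)["SecurityGroups"]:
        for rule in group.get("IpPermissions", []):
            if not covers_mongo(rule):
                continue
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            ports = ("all" if rule["IpProtocol"] == "-1"
                     else f'{rule["FromPort"]}-{rule["ToPort"]}')
            hits += [(group["GroupName"], ports, c) for c in cidrs if c in ANY_SOURCE]
    return hits

if __name__ == "__main__":
    for name, ports, cidr in world_open_mongo_rules(SAMPLE):
        print(f"{name}: MongoDB ports {ports} open to {cidr}")
```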



Set up MongoDB with yum (recommended way)

This section will guide you to create an empty MindLogger mongodb database.

Install MongoDB

  • Run the following command in terminal:

    sudo nano /etc/yum.repos.d/mongodb-org-4.2.repo
    
  • Copy and paste the content below:

    [mongodb-org-4.2]
    name=MongoDB Repository
    baseurl=https://repo.mongodb.org/yum/amazon/2/mongodb-org/4.2/x86_64/
    gpgcheck=1
    enabled=1
    gpgkey=https://www.mongodb.org/static/pgp/server-4.2.asc
    
  • Save and exit the editor. You need to press Ctrl+O, hit enter and then press Ctrl+X
  • Now update packages by running

    sudo yum update
    
  • Install MongoDB package

    sudo yum install -y mongodb-org
    
  • Start MongoDB

    sudo systemctl start mongod
    
  • Check its status

    sudo systemctl status mongod
    
  • Enable service autostart

    sudo systemctl enable mongod
    

Create user and database

  • Open the MongoDB console by running mongo in the terminal

  • Create a root user with the following commands:
    use admin
    db.createUser({  user: "root",  pwd: "root_password",  roles: [ "root" ]  })
    
    created mongodb root user


    Note: replace root_password with a new safe and complex password

  • Create database “mindlogger” with the following commands:
    use mindlogger
    db.test.save( {name:"test"} )
    db.test.find()
    show dbs
    
    created mongodb database


    Note: Share the database name with MindLogger administrators [see top]

  • Create a mindlogger user with the following commands:
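    use mindlogger
    db.createUser({user: "mindlogger", pwd: "new_password", roles: ["readWrite"]})
    
    created mongodb mindlogger user


    Note: the use mindlogger line is important: it creates the user in the mindlogger database, which is the authentication database used when verifying credentials below.

    Note: replace new_password with a new safe and complex password.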

    Note: Share the database username and password with MindLogger administrators [see top]

  • Exit from MongoDB console by typing exit

  • Edit the mongo settings file

    sudo nano /etc/mongod.conf
    
  • Find the #security line and replace it with this line:

    security.authorization: enabled
    
  • Find the net: line and replace bindIp: with bindIpAll: true so it looks like this:

    net:
      port: 27017
      bindIpAll: true
    
  • Save and exit the editor. You need to press Ctrl+O, hit enter and then press Ctrl+X
  • Restart the service

    sudo service mongod restart
    
  • Verify credentials

    mongo -u "mindlogger" -p "new_password" --authenticationDatabase  "mindlogger"
    show dbs
    
    check mongo auth


    Note: replace new_password with the password you specified at step 36.
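
The two mongod.conf edits above only protect the database together: bindIpAll: true makes mongod listen on every interface, and until security.authorization is enabled anyone who can reach the port needs no credentials. The check below is an added example, not part of the original guide; both sample configurations are constructed, and flatten_conf handles only the plain key: value layout that mongod.conf uses.

```python
# Constructed sample: bindIpAll edited in, but the "#security" line left commented out.
HALF_EDITED = """\
net:
  port: 27017
  bindIpAll: true
#security:
"""

# Constructed sample: both edits from the steps above applied.
FULLY_EDITED = """\
net:
  port: 27017
  bindIpAll: true
security.authorization: enabled
"""

def flatten_conf(text):
    """Flatten mongod.conf's nested mappings into dotted keys (simple key: value YAML only)."""
    settings, stack = {}, []                  # stack: (indent, key) of the open sections
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()                       # leave sections that are no longer open
        path = ".".join([k for _, k in stack] + [key.strip()])
        if value.strip():
            settings[path] = value.strip().strip("\"'")
        else:
            stack.append((indent, key.strip()))
    return settings

def audit_mongod_conf(text):
    """Report whether mongod listens on every interface and whether auth is enforced."""
    conf = flatten_conf(text)
    auth_on = conf.get("security.authorization") == "enabled"
    bind_ips = conf.get("net.bindIp", "127.0.0.1").split(",")   # localhost is the default
    everywhere = conf.get("net.bindIpAll") == "true" or any(
        ip.strip() in ("0.0.0.0", "::") for ip in bind_ips)
    return {"authorization": auth_on, "all_interfaces": everywhere,
            "open_without_auth": everywhere and not auth_on}

if __name__ == "__main__":
    print(audit_mongod_conf(HALF_EDITED))
    print(audit_mongod_conf(FULLY_EDITED))
```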

Set up MongoDB with Docker (not recommended)

Create MindLogger database in EC2 instance

This section will guide you to create an empty MindLogger mongodb database. You will copy a Docker container with a mongodb database from a public AWS Elastic Container Registry repository to your new AWS EC2 instance.

  • Tap Instance ID link for mindlogger-instance in the Instances page just above

  • Tap the “Connect” button in the mindlogger-instance page:

    step26-mindlogger-instance


  • Select the “EC2 Instance Connect” tab in the “Connect to instance” page

  • Tap the orange “Connect” button:

    step27-connect-to-instance


  • In the EC2 Instance Connect screen, type the command sudo yum update:

    step28-install-docker-1


  • Whenever “[y/d/N]” is presented, choose “y” for “yes”:

    step29-install-docker-2


  • Type the command sudo yum install docker:

    step30-install-docker-3


  • Enable docker service at AMI boot time by typing the command:

    sudo systemctl enable docker.service

  • Start the Docker service with the command:

    sudo systemctl start docker.service

    step31-install-docker-4


  • Pull the public MindLogger container image from Amazon’s Elastic Container Registry:

    sudo docker pull public.ecr.aws/c4l1a6f8/mindlogger:latest

    step32-pull-mindlogger-container


    • (See Appendix for how the public MindLogger container was built)


  • Run the image as a mindlogger container by typing the command:

    sudo docker run -it -d --name mindlogger public.ecr.aws/c4l1a6f8/mindlogger

    step33-run-mindlogger-container





Reset database username and password

For security, you must change at least the password that accesses your database. This section will guide you to create a new user with access to your mongodb database and change relevant environment variables. You will need to share this information with MindLogger administrators.

  • Set environment variables (do not change once connected)

    *** SHARE THIS INFORMATION ONLY WITH MINDLOGGER ADMINISTRATORS ***

    [see top]

    NOTE: replace new_username and new_password with new login credentials

    echo "export MONGO_INITDB_DATABASE=mindlogger" >> .bashrc

    echo "export MONGO_INITDB_ROOT_USERNAME=new_username" >> .bashrc

    echo "export MONGO_INITDB_ROOT_PASSWORD=new_password" >> .bashrc

    source .bashrc

    step34-reset-env-vars


  • Reset the database username and password inside the mongodb Docker container:

    NOTE: replace new_username and new_password with the new login credentials

    sudo docker exec -it mindlogger bash -c mongo \
    --username new_username --password new_password

    step35-reset-mongodb-login


  • At the command line prompt (>), create a new user with the new login credentials:

    NOTE: replace new_username and new_password with the new login credentials

    db.createUser({user: 'new_username', pwd: 'new_password',
    roles: [{ role: 'readWrite', db:'[database]'}]})

    step36-create-mongodb-user


  • Type Ctrl-C to escape this prompt and exit to exit the console




Appendix: How the public MindLogger Docker container was built

The information below is for completeness and transparency, and gives the steps used to create the AWS ECR public MindLogger container that is used in the instructions above.

  • Build the Docker container in an EC2 instance on the same account that owns the ECR repository:
    • sudo yum update
    • sudo yum install git
    • sudo yum install docker
    • sudo curl -L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
    • sudo chmod +x /usr/local/bin/docker-compose
    • sudo systemctl enable docker.service
    • sudo systemctl start docker.service
    • git clone https://github.com/ChildMindInstitute/mindlogger-arbitrary-server.git
    • cd mindlogger-arbitrary-server
    • sudo /usr/local/bin/docker-compose build
    • sudo /usr/local/bin/docker-compose up -d
  • Set up AWS CLI v2:
    • curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
    • unzip awscliv2.zip
    • sudo ./aws/install
    • /usr/local/aws-cli/v2/current/bin/aws configure
  • Set up a public repo on AWS’s ECR ([1], [2], [3]):
    • Attach AmazonElasticContainerRegistryPublicFullAccess policy to the user
    • aws ecr-public get-login-password --region us-east-1 | sudo docker login --username AWS --password-stdin public.ecr.aws/c4l1a6f8
    • Push the Docker container to the public repo on ECR:
      • sudo docker tag mongo:4-bionic public.ecr.aws/c4l1a6f8/mindlogger:latest
      • sudo docker push public.ecr.aws/c4l1a6f8/mindlogger:latest






Updated by Arno 2022-07-02
Contact: [email protected]
© Child Mind Institute 2023