
Amazon Server Setup Guide

By default, MindLogger response data are end-to-end encrypted and stored on the non-profit Child Mind Institute’s AWS account. We provide instructions below for owners of MindLogger applets who need to have all response data from their applets stored on their own AWS account’s server. If this situation applies to you, please contact matter[email protected] before continuing with the instructions below.

Contents

  • Information MindLogger developers will need to set up your AWS server connection
  • Set up AWS bucket
    • Create AWS S3 bucket
    • Create AWS user
  • Set up PostgreSQL with RDS (recommended way)
    • Create RDS Database
    • Allow RDS external port
  • Set up PostgreSQL manually
    • Create AWS EC2 instance
    • Allow PostgreSQL external port
    • Set up PostgreSQL with yum



Information MindLogger developers will need to set up your server connection

Routing encrypted data collected from the MindLogger app to your AWS server requires initial setup assistance from MindLogger developers. If you follow the instructions in this guide, you will be able to provide them with the following required information to connect your server:

  • AWS variables to access your PostgreSQL database:
    • MindLogger account owner email address
    • PostgreSQL database name (if changed from “mindlogger” in step 35)
    • Database username (if changed from “mindlogger” in step 36)
    • Database password (step 36)
    • Database port (if different than the default 5432)
    • Public IP address for your MindLogger EC2 instance (step 27)
  • AWS variables to access your MindLogger S3 storage bucket (for media files):
    • Storage bucket name (if changed from “my-mindlogger-bucket” in steps 11 and 16)
    • Access key (step 8)
    • Secret access key (step 8)





Set up AWS bucket

Create AWS S3 bucket

This section will guide you to create a new AWS S3 bucket for (optional) media files collected by your MindLogger applets.

  • Enter “s3” in the search box at top and select “Buckets” under “S3”:

    step14-search-s3


  • In the Buckets page, tap the orange “Create bucket” button:

    step15-buckets


  • Enter “my-mindlogger-bucket” into the Bucket name field and make it unique by appending your company name or the project name.

  • Select the AWS Region closest to you

  • Tap the orange “Create bucket” button at the bottom (not visible in the screenshot):

    step16-create-bucket


  • You can now see the my-mindlogger-bucket in the list of S3 buckets:

    step17-buckets





Create AWS user

You do not want to share information about a user with root access to your AWS account with MindLogger developers or anyone else! The following instructions will guide you to set up a new AWS user with restricted access to a new S3 bucket for (optional) media files collected by your MindLogger applets.

  • Sign in to https://aws.amazon.com/:

    step1-aws-sign-in


  • Enter “IAM” in the search box at top and select “Users” under “IAM”:

    step2-iam-users


  • In the IAM > Users screen, tap the blue “Add users” button:

    step3-users


  • In the “Add user” screen #1:

    • Enter “mindlogger-user” as the User name

    • Select Access key credential type

    • Tap the blue “Next: Permissions” button at the bottom

    step4-add-user-1


  • In the “Add user” screen #2, tap the blue “Next: Tags” button:

    step5-add-user-2


  • In the “Add user” screen #3, tap the blue “Next: Review” button:

    step6-add-user-3


  • In the “Add user” screen #4, tap the blue “Create user” button:

    step7-add-user-4


  • In the “Add user” screen #5 (screenshot below), download the .csv table

    *** SHARE THIS INFORMATION ONLY WITH MINDLOGGER ADMINISTRATORS ***

    [see top]

    The file contains:

    • the Access key ID for the new user

    • the Secret access key for the new user

  • Tap the “Close” button

    step8-add-user-5


  • You will then be taken to the IAM > Users screen with the new mindlogger-user

  • Tap “mindlogger-user”

    step9-users


  • Tap the “Add inline policy” link on the right:

    step10-mindlogger-user


  • Copy/paste the text below into the “Create policy” page “JSON” tab (ref [1] and [2])

  • Tap the blue “Review policy” button:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "s3:ListBucket"
                ],
                "Resource": [
                    "arn:aws:s3:::my-mindlogger-bucket"
                ]
            },
            {
                "Effect": "Allow",
                "Action": [
                    "s3:PutObject",
                    "s3:GetObject",
                    "s3:DeleteObject"
                ],
                "Resource": [
                    "arn:aws:s3:::my-mindlogger-bucket/*"
                ]
            }
        ]
    }
    
    step11-create-policy


    Replace my-mindlogger-bucket in the policy with your own bucket name.

  • Enter “mindlogger-user-policy” in the Name field

  • Tap the blue “Create policy” button:

    step12-review-policy


  • You will then be taken to the IAM > Users screen with the new mindlogger-user and mindlogger-user-policy:

    step13-mindlogger-user-with-policy
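
An added example (not part of the original guide or MindLogger's own code): a Python check that an inline policy grants nothing beyond the policy shown above, useful after you substitute your own bucket name or edit the JSON. The names `audit_policy` and `as_list` and the constructed `BROAD_POLICY` counter-example are assumptions made for illustration.

```python
import json

# Actions the guide's policy grants, lower-cased (IAM action names are case-insensitive).
BUCKET_ACTIONS = {"s3:listbucket"}
OBJECT_ACTIONS = {"s3:putobject", "s3:getobject", "s3:deleteobject"}

# The guide's policy (placeholder bucket name) and a constructed over-broad one.
GUIDE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:ListBucket"],
     "Resource": ["arn:aws:s3:::my-mindlogger-bucket"]},
    {"Effect": "Allow", "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
     "Resource": ["arn:aws:s3:::my-mindlogger-bucket/*"]}]})
BROAD_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]})

def as_list(value):
    """IAM accepts a single item or a list for Statement, Action and Resource."""
    return [value] if isinstance(value, (str, dict)) else list(value)

def audit_policy(policy_json, bucket="my-mindlogger-bucket"):
    """Return findings for every grant that goes beyond the guide's policy
    for `bucket`; an empty list means the policy is no broader than the guide's."""
    findings = []
    bucket_arn = f"arn:aws:s3:::{bucket}"
    for i, stmt in enumerate(as_list(json.loads(policy_json)["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: NotAction/NotResource grants by exclusion")
            continue
        for res in as_list(stmt.get("Resource", [])):
            if res == bucket_arn:
                allowed = BUCKET_ACTIONS
            elif res == bucket_arn + "/*":
                allowed = OBJECT_ACTIONS
            else:
                findings.append(f"statement {i}: resource {res} is outside bucket {bucket}")
                continue
            for action in as_list(stmt.get("Action", [])):
                if action.lower() not in allowed:
                    findings.append(f"statement {i}: {action} on {res} exceeds the guide's policy")
    return findings
```

Run `audit_policy` on the JSON you pasted into the “Create policy” page, passing your real bucket name; any wildcard action or resource shows up as a finding.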





Set up PostgreSQL with RDS

Create RDS Database

  • Start typing RDS in the search box at top and select RDS:

    search


  • Click create database:

    create-db


  • Choose DB type PostgreSQL:

    db-type


  • Choose Production and Single DB instance:

    db-single


  • Specify DB instance (mindlogger-server) and DB user (mindlogger-root-user)

    Note: Share the database instance name and user with MindLogger administrators

    db-name


  • Specify the DB password. Use a safe and complex one.

    Note: Share the database password with MindLogger administrators

    db-password


  • Select instance configuration: db.m6g.large

    db-instance


  • Specify storage and its size:

    db-storage


  • Allow public access:

    public-access


  • Create new security group and call it “mindlogger-security-group”:

    create-sg


  • Click Create database.



Allow RDS external port

  • Enter “ec2” in the search box at top and select “Instances” under “EC2”:

    search-ec2


  • Click security groups in the left sidebar:

    ec2-sg


  • Select “mindlogger-security-group” and click inbound rules at the bottom:

    sg-open


  • Click Edit inbound rules:

    open-rules


  • Click Add rule:

    edit-rules


  • Click Add rule and enter Port range: 5432. In the source enter 3.227.120.88/32.
  • Repeat the same process for 50.16.133.36/32, 18.210.53.226/32, 54.145.72.213/32
  • Click Save rules.

    add-rules


  • Start typing RDS in the search box at top and select RDS:

    rds-search


  • Find mindlogger-server in the list and click on it:

    rds-list


  • Copy the database endpoint and port and share with MindLogger administrators:

    rds-host



Set up PostgreSQL manually

Create AWS EC2 instance

Your MindLogger database needs to be set up somewhere to store the response data collected by your MindLogger applets. This section will guide you to create a new AWS Linux 2 instance.

  • Enter “ec2” in the search box at top and select “Instances” under “EC2”:

    step18-search-ec2


  • In the Instances page, tap the orange “Launch instances” button:

    step19-ec2-instances


  • Enter “mindlogger-instance” in the Name field

  • If you tap the orange “Launch instance” button…

    step20-launch-instance-1


  • …it will alert you that you need a Key pair name

  • Tap on the “Create new key pair” link:

    step21-launch-instance-2


  • Enter “mindlogger-key-pair” in the Name field

  • Tap the orange “Create key pair” button:

    step22-launch-instance-3-create-key-pair


  • Tap the orange “Launch instance” button:

    step23-launch-instance-4


  • It should then confirm you have successfully initiated launch of the new instance

  • Tap the orange “View all instances” button:

    step24-launch-instance-5


  • You should see mindlogger-instance in the list of EC2 instances (you might need to wait and refresh the Instances page):

    step25-instances


  • Tap the right mouse button and click “Connect”:

    step27-connect-to-instance





Allow PostgreSQL external port

To reach the PostgreSQL instance from the internet, you need to open an external port.

  • Go to EC2 instances, scroll to the right and note the security group name (here it is launch-wizard-1).

  • Click Security groups in the sidebar. Locate the security group with the name from the previous step and tick its checkbox. In the bottom panel, switch to the Inbound rules tab and click Edit inbound rules.


  • Click Add rule and enter Port range: 5432. In the source enter 3.227.120.88/32.
  • Repeat the same process for 50.16.133.36/32, 18.210.53.226/32, 54.145.72.213/32
  • Click Save rules.



Set up PostgreSQL with yum

This section will guide you to create an empty MindLogger postgres database.

Install PostgreSQL

  • Update the installed packages by running the following command in a terminal:

    sudo yum update -y
    
  • Enable the PostgreSQL 14 repository from Amazon Linux Extras:

    sudo amazon-linux-extras enable postgresql14
    
  • Install the PostgreSQL server:

    sudo yum install postgresql-server -y
    
  • Initialize the DB:

    sudo postgresql-setup initdb
    
  • Start PostgreSQL

    sudo systemctl start postgresql
    
  • Check its status

    sudo systemctl status postgresql
    
  • Enable service autostart

    sudo systemctl enable postgresql
    

Create user and database

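  • Create database “mindlogger” with the following commands:

    # Switch to the postgres system account through sudo (the account has no password of its own)
    sudo su - postgres
    createdb mindlogger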
    

    Note: Share the database name with MindLogger administrators [see top]

  • Open the PostgreSQL console by running psql mindlogger in the terminal

  • Create a mindlogger user with the following commands:

    CREATE USER mindlogger WITH ENCRYPTED PASSWORD 'new_password';
    GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO mindlogger;
    GRANT ALL PRIVILEGES ON DATABASE mindlogger TO mindlogger;
    GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO mindlogger;
    GRANT ALL ON DATABASE mindlogger TO mindlogger;
    GRANT USAGE, CREATE ON SCHEMA public TO mindlogger;
    

    Note: replace new_password with a new safe and complex password.

    Note: Share the database username and password with MindLogger administrators [see top]

  • Exit the PostgreSQL console by typing exit

  • Leave the postgres user's shell by typing exit

Configure PostgreSQL security

  • Let’s configure the Postgres listening IP. Edit the postgres settings file:

    sudo nano /var/lib/pgsql/data/postgresql.conf
    
  • Find the #listen_addresses = 'localhost' line and replace it with this line:

    listen_addresses = '*'
    
  • Save and exit the editor. You need to press Ctrl+O, hit enter and then press Ctrl+X

  • Let’s configure the Postgres allowed IPs. Edit the client authentication file:

    sudo nano /var/lib/pgsql/data/pg_hba.conf
    
  • Paste the following content at the end of this file:

    host    all             all             3.227.120.88/32          md5
    host    all             all             50.16.133.36/32          md5
    host    all             all             18.210.53.226/32         md5
    host    all             all             54.145.72.213/32         md5
    
  • Save and exit the editor. You need to press Ctrl+O, hit enter and then press Ctrl+X

  • Restart the service

    sudo service postgresql restart
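
An added example (not part of the original guide or MindLogger's own code): with listen_addresses set to '*', only pg_hba.conf and the security group's inbound rules limit who can reach port 5432, so this Python check compares both against the four addresses given in the “Allow RDS external port”, “Allow PostgreSQL external port” and pg_hba.conf steps. The function names and the sample inputs are constructed for illustration; `audit_ingress` assumes the `IpPermissions` list from `aws ec2 describe-security-groups` output.

```python
import ipaddress

# The four source addresses this guide allows on port 5432.
ALLOWED = {ipaddress.ip_network(c) for c in (
    "3.227.120.88/32", "50.16.133.36/32", "18.210.53.226/32", "54.145.72.213/32")}
LOOPBACK = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128")]

def audit_pg_hba(text):
    """Return (line_no, reason) for host rules admitting clients outside ALLOWED."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        f = raw.split("#", 1)[0].split()
        if len(f) < 5 or not f[0].startswith("host"):
            continue  # blank, comment, or "local" (Unix socket) rule
        addr, method = f[3], f[4]
        try:
            if "/" not in addr:  # "address netmask method" form
                addr, method = f"{addr}/{f[4]}", (f[5] if len(f) > 5 else "")
            net = ipaddress.ip_network(addr, strict=False)
        except ValueError:
            findings.append((no, f"{f[3]}: keyword or hostname, review by hand"))
            continue
        if any(net.version == lb.version and net.subnet_of(lb) for lb in LOOPBACK):
            continue  # loopback rules do not admit remote clients
        if net not in ALLOWED:
            findings.append((no, f"{net} is not one of the guide's addresses"))
        elif method == "trust":
            findings.append((no, f"{net} uses trust (no password check)"))
    return findings

def audit_ingress(ip_permissions, port=5432):
    """Return CIDRs outside ALLOWED that can reach `port` (input: IpPermissions list)."""
    extra = []
    for perm in ip_permissions:
        if perm.get("IpProtocol") == "tcp":
            if not perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535):
                continue
        elif perm.get("IpProtocol") != "-1":  # "-1" means all traffic
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        extra += [c for c in cidrs if ipaddress.ip_network(c) not in ALLOWED]
    return extra

# Constructed samples: one guide rule plus one rule open to every address.
SAMPLE_HBA = ("host all all 127.0.0.1/32 ident\nhost all all 3.227.120.88/32 md5\n"
              "host all all 0.0.0.0/0 md5\n")
SAMPLE_SG = [{"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
              "IpRanges": [{"CidrIp": "3.227.120.88/32"}, {"CidrIp": "0.0.0.0/0"}]}]
```

Both functions return an empty list when the configuration matches the guide; here each sample yields one finding for the 0.0.0.0/0 entry.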
    






Updated by Arno 2022-07-02
© Child Mind Institute 2023