By default, MindLogger response data are end-to-end encrypted and stored on the non-profit Child Mind Institute’s AWS account. We provide instructions below for owners of MindLogger applets who need to have all response data from their applets stored on their own AWS account’s server. If this situation applies to you, please contact [email protected] before continuing with the instructions below.
Routing encrypted data collected from the MindLogger app to your AWS server requires initial setup assistance from MindLogger developers. If you follow the instructions in this guide, you will be able to provide them with the following required information to connect your server:
This section will guide you to create a new AWS S3 bucket for (optional) media files collected by your MindLogger applets.
Enter “s3” in the search box at top and select “Buckets” under “S3”:
In the Buckets page, tap the orange “Create bucket” button:
Enter “my-mindlogger-bucket” into the Bucket name field and make it unique: append your company name or the project name.
Select the AWS Region closest to you
Tap the orange “Create bucket” button at the bottom (not visible in the screenshot):
You can now see the my-mindlogger-bucket in the list of S3 buckets:
You do not want to share information about a user with root access to your AWS account with MindLogger developers or anyone else! The following instructions will guide you to set up a new AWS user with restricted access to a new S3 bucket for (optional) media files collected by your MindLogger applets.
Sign in to https://aws.amazon.com/:
Enter “IAM” in the search box at top and select “Users” under “IAM”:
In the IAM > Users screen, tap the blue “Add users” button:
In the “Add user” screen #1:
Enter “mindlogger-user” as the User name
Select Access key credential type
Tap the blue “Next: Permissions” button at the bottom
In the “Add user” screen #2, tap the blue “Next: Tags” button:
In the “Add user” screen #3, tap the blue “Next: Review” button:
In the “Add user” screen #4, tap the blue “Create user” button:
In the “Add user” screen #5 (screenshot below), download the .csv table
*** SHARE THIS INFORMATION ONLY WITH MINDLOGGER ADMINISTRATORS ***[see top]
The file contains:
the Access key ID for the new user
the Secret access key for the new user
Tap the “Close” button
You will then be taken to the IAM > Users screen with the new mindlogger-user
Tap “mindlogger-user”
Tap the “Add inline policy” link on the right:
Copy/paste the text below into the “Create policy” page “JSON” tab (ref [1] and [2])
Tap the blue “Review policy” button:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::my-mindlogger-bucket"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::my-mindlogger-bucket/*"
            ]
        }
    ]
}
Replace my-mindlogger-bucket with your bucket name in both Resource entries.
Enter “mindlogger-user-policy” in the Name field
Tap the blue “Create policy” button:
You will then be taken to the IAM > Users screen with the new mindlogger-user and mindlogger-user-policy:
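The inline policy names the bucket in two Resource entries, and access stays limited to your bucket only if both are changed to the same name. The check below is an added example, not part of the original guide: it reads a saved copy of the policy and reports any S3 ARN outside the one bucket; the function name check_policy_scope and the file argument are assumptions of this example.

```sh
#!/bin/sh
# Added example, not part of the original guide: confirm that an edited copy
# of the inline policy grants access to exactly one bucket.
# check_policy_scope and its two arguments are names chosen for this example.

check_policy_scope() {  # usage: check_policy_scope POLICY_FILE BUCKET_NAME
    policy=$1 bucket=$2 status=0
    want_bucket="arn:aws:s3:::$bucket"       # target of s3:ListBucket
    want_objects="arn:aws:s3:::$bucket/*"    # target of Put/Get/DeleteObject

    # Collect every S3 ARN that appears in the policy file.
    arns=$(grep -o '"arn:aws:s3:::[^"]*"' "$policy" | tr -d '"' | sort -u)

    # Anything other than the bucket or its objects is out of scope,
    # e.g. a Resource entry that still carries the placeholder name.
    stray=$(printf '%s\n' "$arns" | grep -v -x -F -e "$want_bucket" -e "$want_objects" || true)
    if [ -n "$stray" ]; then
        echo "out-of-scope resource: $stray"
        status=1
    fi

    # Both ARNs are needed: listing acts on the bucket, the rest on objects.
    for want in "$want_bucket" "$want_objects"; do
        if ! printf '%s\n' "$arns" | grep -q -x -F -e "$want"; then
            echo "missing resource: $want"
            status=1
        fi
    done

    # A bare "*" resource or an "s3:*" action would widen the grant.
    if grep -q -E '"(\*|s3:\*)"' "$policy"; then
        echo "wildcard action or resource present"
        status=1
    fi
    return "$status"
}

# Run against a file when called with two arguments: POLICY_FILE BUCKET_NAME
if [ "$#" -eq 2 ]; then
    check_policy_scope "$1" "$2"
fi
```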
Your MindLogger database needs to be set up somewhere to store the response data collected by your MindLogger applets. This section will guide you to create a new AWS Linux 2 instance.
Enter “ec2” in the search box at top and select “Instances” under “EC2”:
In the Instances page, tap the orange “Launch instances” button:
Enter “mindlogger-instance” in the Name field
If you tap the orange “Launch instance” button…
…it will alert you that you need a Key pair name
Tap on the “Create new key pair” link:
Enter “mindlogger-key-pair” in the Name field
Tap the orange “Create key pair” button:
Tap the orange “Launch instance” button:
It should then confirm you have successfully initiated launch of the new instance
Tap the orange “View all instances” button:
You should see mindlogger-instance in the list of EC2 instances (you might need to wait and refresh the Instances page):
In order to access the MongoDB instance from the internet, you will need to open external ports 27017-27020. In the source enter 0.0.0.0/0. Click Save rules.
This section will guide you to create an empty MindLogger mongodb database.
Run the following command in terminal:
sudo nano /etc/yum.repos.d/mongodb-org-4.2.repo
Copy and paste the content below:
[mongodb-org-4.2]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/amazon/2/mongodb-org/4.2/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.2.asc
Now update packages by running
sudo yum update
Install MongoDB package
sudo yum install -y mongodb-org
Start MongoDB
sudo systemctl start mongod
Check its status
sudo systemctl status mongod
Enable service autostart
sudo systemctl enable mongod
Get into the MongoDB console by running mongo in the terminal
use admin
db.createUser({ user: "root", pwd: "root_password", roles: [ "root" ] })
Note: replace root_password with a new safe and complex password
use mindlogger
db.test.save( {name:"test"} )
db.test.find()
show dbs
Note: Share the database name with MindLogger administrators [see top]
Switch to the mindlogger database before creating the user (this is important):
use mindlogger
db.createUser({user: "mindlogger", pwd: "new_password", roles: ["readWrite"]})
Note: replace new_password with a new safe and complex password.
Note: Share the database username and password with MindLogger administrators [see top]
Exit from MongoDB console by typing exit
Edit the mongo settings file
sudo nano /etc/mongod.conf
Find the #security line and replace it with this line:
security.authorization: enabled
Find the net: line and replace bindIp: with bindIpAll: true so it looks like this:
net:
  port: 27017
  bindIpAll: true
Restart the service
sudo service mongod restart
Verify credentials
mongo -u "mindlogger" -p "new_password" --authenticationDatabase "mindlogger"
show dbs
Note: replace new_password with the password you specified at step 36.
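With ports 27017-27020 open to 0.0.0.0/0 and bindIpAll: true, security.authorization is the setting that stops mongod from answering clients that have no credentials. The script below is an added example, not part of the original guide, that reads a mongod.conf and fails when the server listens on all interfaces without authorization; the function names and return codes are assumptions of this example.

```sh
#!/bin/sh
# Added example, not part of the original guide: audit a mongod.conf for the
# two settings edited above. Function names and return codes are assumptions.

# Print SECTION.KEY from FILE, accepting the dotted one-line form
# (security.authorization: enabled) and the nested YAML form.
conf_value() {  # usage: conf_value FILE SECTION KEY
    awk -v sec="$2" -v key="$3" '
        BEGIN { dotted = "^" sec "\\." key ":"
                header = "^" sec ":[ \t]*$"
                nested = "^[ \t]+" key ":" }
        { sub(/[ \t]*#.*/, "") }              # comments out, so "#security" is ignored
        /^[ \t]*$/ { next }
        $0 ~ dotted { val = $0; in_sec = 0; next }
        /^[^ \t]/   { in_sec = ($0 ~ header); next }
        in_sec && $0 ~ nested { val = $0 }
        END { sub(/^[^:]*:/, "", val); gsub(/[ \t"]/, "", val); print val }
    ' "$1"
}

# Return 0 = authorization on, 1 = all interfaces without auth, 2 = local only, no auth.
audit_mongod_conf() {  # usage: audit_mongod_conf FILE
    auth=$(conf_value "$1" security authorization)
    bind_all=$(conf_value "$1" net bindIpAll)
    bind_ip=$(conf_value "$1" net bindIp)
    exposed=no
    if [ "$bind_all" = "true" ]; then exposed=yes; fi
    case ",$bind_ip," in *,0.0.0.0,*|*,::,*) exposed=yes ;; esac
    if [ "$auth" = "enabled" ]; then
        echo "OK: authorization enabled (all interfaces: $exposed)"
        return 0
    elif [ "$exposed" = "yes" ]; then
        echo "FAIL: listening on all interfaces with authorization off"
        return 1
    fi
    echo "WARN: authorization off, bound to ${bind_ip:-localhost}"
    return 2
}

# Run against a file when called with one argument, e.g. /etc/mongod.conf
if [ "$#" -eq 1 ]; then
    audit_mongod_conf "$1"
fi
```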
This section will guide you to create an empty MindLogger mongodb database. You will copy a Docker container with a mongodb database from a public AWS Elastic Container Registry repository to your new AWS EC2 instance.
Tap the Instance ID link for mindlogger-instance in the Instances page just above
Tap the “Connect” button in the mindlogger-instance page:
Select the “EC2 Instance Connect” tab in the “Connect to instance” page
Tap the orange “Connect” button:
In the EC2 Instance Connect screen, type the command sudo yum update:
Whenever “[y/d/N]” is presented, choose “y” for “yes”:
Type the command sudo yum install docker:
Enable docker service at AMI boot time by typing the command:
sudo systemctl enable docker.service
Start the Docker service with the command:
sudo systemctl start docker.service
Pull the public MindLogger container image from Amazon’s Elastic Container Registry:
sudo docker pull public.ecr.aws/c4l1a6f8/mindlogger:latest
Run the image as a mindlogger container by typing the command:
sudo docker run -it -d --name mindlogger public.ecr.aws/c4l1a6f8/mindlogger
For security, you must change at least the password that accesses your database. This section will guide you to create a new user with access to your mongodb database and change relevant environment variables. You will need to share this information with MindLogger administrators.
Set environment variables (do not change once connected)
*** SHARE THIS INFORMATION ONLY WITH MINDLOGGER ADMINISTRATORS ***[see top]
NOTE: replace new_username and new_password with new login credentials
echo "export MONGO_INITDB_DATABASE=mindlogger" >> .bashrc
echo "export MONGO_INITDB_ROOT_USERNAME=new_username" >> .bashrc
echo "export MONGO_INITDB_ROOT_PASSWORD=new_password" >> .bashrc
source .bashrc
Reset the database username and password inside the mongodb Docker container:
NOTE: replace new_username and new_password with the new login credentials
sudo docker exec -it mindlogger bash -c mongo \
--username new_username --password new_password
At the command line prompt (>), create a new user with the new login credentials:
NOTE: replace new_username and new_password with the new login credentials
db.createUser({user: 'new_username', pwd: 'new_password', roles: [{ role: 'readWrite', db:'[database]'}]})
Type Ctrl-C to escape this prompt, and type exit to exit the console
The information below is for completeness and transparency, and gives the steps used to create the AWS ECR public MindLogger container that is used in the instructions above.
sudo yum update
sudo yum install git
sudo yum install docker
sudo curl -L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
sudo systemctl enable docker.service
sudo systemctl start docker.service
git clone https://github.com/ChildMindInstitute/mindlogger-arbitrary-server.git
cd mindlogger-arbitrary-server
sudo /usr/local/bin/docker-compose build
sudo /usr/local/bin/docker-compose up -d
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
/usr/local/aws-cli/v2/current/bin/aws configure
aws ecr-public get-login-password --region us-east-1 | sudo docker login --username AWS --password-stdin public.ecr.aws/c4l1a6f8
sudo docker tag mongo:4-bionic public.ecr.aws/c4l1a6f8/mindlogger:latest
sudo docker push public.ecr.aws/c4l1a6f8/mindlogger:latest