interact with multichain remotely

+2 votes
Hi, I'm trying to create a serverless backend application on AWS. It's basically a backend cut into tens of separate functions (or microservices) that drastically reduce cost and uptime issues. However, this means that the code to interact with multichain will not be hosted on the same device. Multichain will be running on an EC2 instance and the code to interact with it will only spin up on demand.

I'm already able to interact with the multichain node using my IP for rpcallowip. I'm not sure what kind of behaviour these serverless functions will have in terms of IP changes (pretty much all of AWS services are able to be connected to each other one way or another) but I heard that allowing 0.0.0.0/0 is a big problem because the RPC password is not encrypted.

What's the best thing I can do, to make my interaction with multichain more secure? If it helps, just ignore the serverless AWS and what not and look at it as if it's a regular remote interaction.
asked Oct 10, 2019 by Rachelle

1 Answer

+1 vote

There are a few things I can suggest:

  1. Use RPC over SSL – see rpcssl and related runtime parameters.
  2. Use the rpcallowmethod runtime parameter to restrict which RPC commands can be used.
  3. Try to restrict the IP ranges of RPC requesters to some extent, e.g. consult AWS documentation to see which IP ranges might be used.
  4. Check into the possibility of using internal AWS IP addresses instead of public facing addresses, and use the rpcbind runtime parameter to only listen on that internal IP address.
answered Oct 10, 2019 by MultiChain
Awesome! Exactly what I needed :) Thank you very much.
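
The four suggestions in the answer can be checked mechanically against a node's configuration. The following is an added example, not code from the thread or from MultiChain: it audits config text for rpcssl, rpcallowmethod, rpcallowip and rpcbind. The sample configs, addresses and method list are constructed, and the value formats (`rpcssl=1`, a comma-separated `rpcallowmethod`) are assumptions.

```python
import ipaddress

INTERNAL = [ipaddress.ip_network(n) for n in (  # RFC 1918, loopback, IPv6 ULA
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "::1/128", "fc00::/7")]

# Constructed samples, not from the thread: addresses and method names are
# made up; "rpcssl=1" and a comma-separated rpcallowmethod are assumed formats.
WEAK_CONF = "rpcuser=multichainrpc\nrpcallowip=0.0.0.0/0\n"
HARDENED_CONF = """\
rpcssl=1
rpcallowmethod=getinfo,liststreamitems
rpcallowip=10.0.1.0/24
rpcbind=10.0.1.15
"""

def parse_conf(text):
    """Parse key=value lines; keys may repeat, so values are kept in lists."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf.setdefault(key.strip(), []).append(value.strip())
    return conf

def is_internal(value):
    try:
        net = ipaddress.ip_network(value, strict=False)
    except ValueError:  # wildcards, host:port and similar need manual review
        return False
    return any(net.version == n.version and net.subnet_of(n) for n in INTERNAL)

def audit(text):
    """Check a config against the four suggestions; return a list of findings."""
    conf, findings = parse_conf(text), []
    if conf.get("rpcssl", ["0"])[-1] != "1":
        findings.append("rpcssl: not enabled, RPC password is sent unencrypted")
    if not conf.get("rpcallowmethod"):
        findings.append("rpcallowmethod: not set, RPC commands are not restricted by it")
    if not conf.get("rpcbind"):
        findings.append("rpcbind: not set, listener is not pinned to an internal IP")
    for key in ("rpcallowip", "rpcbind"):
        for value in conf.get(key, []):
            if not is_internal(value):
                findings.append(f"{key}: {value} is not a recognised internal address or range")
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(text) or "no findings")
```

A public but deliberately narrow rpcallowip range (suggestion 3) is still reported, so treat that finding as a prompt to confirm the range rather than as an error.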