Mining With AWS Nitro

Create IAM Policy

First you'll need to create a new IAM Policy to allow the use of the KMS key to only be used inside the enclave. Open the "IAM -> Policies" page, and then click the "Create Policy" button to load the create policy page. You'll next select the "JSON" tab and paste the following json configs:

    "Version": "2012-10-17",
    "Statement": [
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
            "Resource": "arn:aws:kms:*:580177110170:key/f66b0a1b-28c7-49a1-82c8-70094dd7e45b"

After creatiing the policy you should see a new policy like this:

For more information please read the AWS docs.

Create Role

Open the "IAM -> Roles" page and click the "Create role" button to create a new IAM role, then select the first box:

In the second step you can input "key" as a word filter to make it easier to find and select the following two policies:

  • "AWSKeyManagementServicePowerUser"

  • The IAM policy we created earlier

Finally, enter the new role name and remember it for future use.

Prepare the security group

Select the "EC2 -> Security Groups" page and choose a security group you want to modify (or create a new one). You'll need to add the following inbound rules:

These input ports will be filtered after the node is started.

Create an EC2 instance

With the preliminary steps out of the way, we can now setup our EC2 instance. First select the region you want your EC2 instance to be deployed to.

In the above image you can see that the "Asia Pacific (Seoul)" region was chosen with the region code "ap-northeast-2". Please keep this region code in mind because this code will be used as the last parameter in the "install" and "start" scripts below.

To ensure a successful instance launch, follow the setup instructions below:

  1. Choose the "Amazon Linux" OS (DO NOT use the default "Amazon Linux 2023 AMI" option):

  1. Choose an instance type that supports nitro. We'll use the "c5a.xlarge":

  1. Use the security group we updated (created) earlier:

  1. (optional) It's better to increase the volume size from 8G to 30G:

  1. In the "Advanced details" tab, use the IAM role we created above:

  1. In the "advanced details" tab set "Nitro Enclave" as enabled:

After successfully launching the EC2 instance, you can access it via ssh and proceed with the next steps of the tutorial.

Use EC2 instance to run a node

Initial install

First you'll need to prepare the TEA node dependencies which should take about 10 minutes.

Please note that the following preparations need only be completed once before starting the node for the first time.

Before running the next few scripts you should have a Machine_ID registered to your ETH address. You can contact us on Telegram to get a Machine_ID.

Run the following command to start or update to the newest TEA software version:

bash -c "$(curl -H "Cache-Control: no-cache" -fsSL"

Or using the following command without prompting (replace the Machine_ID and wallet_ID with your own values):

bash -c "$(curl -H "Cache-Control: no-cache" -fsSL" "" "0x0000000000000000000000000000000000000000000000000000000000000000" "0xbd6D4f56b59e45ed25c52Eab7EFf2c626e083db9" "ap-northeast-2"

The above command uses the region code of ap-northeast-2 but you should change this according to the region you use (i.e. an Oregon server will have a us-west-2 region code).


Make sure you're in. the working directory of the "nitro-build" folder created automatically in the preparation step. If not, then navigate to that folder:

cd ~/nitro-build

Then simply run the following script to start the node with parts both inside and outside the enclave using the same Machine_ID and wallet_address you used during the install process. For example, if 0x0000000000000000000000000000000000000000000000000000000000000000 was the Machine_ID and 0xbd6D4f56b59e45ed25c52Eab7EFf2c626e083db9 was the wallet address:

./ "0x0000000000000000000000000000000000000000000000000000000000000000" "0xbd6D4f56b59e45ed25c52Eab7EFf2c626e083db9" "ap-northeast-2"

The above command uses the region code of ap-northeast-2 but you should change this according to the region you used for your EC2 instance.

Plant the CML

You can now visit the Nitro TApp Store to purchase a CML and plant it inside your machine.

  1. Go to the Nitro TApp Store and click on the TApps tab.

  2. If you don't have a CML, you can bid for one in the Seed Auction TApp. The CML seed will be available one hour after the last placed bid.

  3. After you're done planting, your node is ready to host TApps.

Last updated