After your onboarding as an organisation in Liminal Vaults, you can deploy Multi-Party Computation (MPC) infrastructure on your servers for full control over your keys and assets. This infrastructure includes the necessary software and network resources to securely execute MPC, ensuring that sensitive data is processed safely and privately. Assign a DevOps specialist from your organisation to help with deploying MPC infrastructure on AWS using the following steps.

Prerequisites

Provide AWS account ID of your organisation to Liminal for whitelisting.
Provide the AWS region in which you want to deploy the MPC infrastructure.
Ensure that you have IAM users with administrative access to AWS, who can perform MPC deployment.
Ensure that you have existing SSH keys in your AWS account. If not, create a new one.
Go to EC2 Dashboard > Network & Security > Key Pair in the left panel and check for the .pem key. If it doesn’t exist, then create a new one.
Ensure that your elastic IP has an available quota for your region. In the EC2 Dashboard, go to EC2 Dashboard > Elastic IPs in the left panel and check whether the quota is fully used or not.

Deploy MPC on AWS

Take the following steps to deploy MPC on your AWS server.

Log into your AWS account and go to your EC2 Dashboard.
Select your region using the dropdown on top of the screen.
Select Images > AMIs in the left panel.
Select the Owned by me dropdown and then select Private images.
Search for the private image of MPC shared by Liminal in the search bar. This is the AMI which will be used in the CloudFormation script shared by Liminal.
Open CloudFormation. Select Create stack and then select New resources.
Under Specify template, in the Amazon s3 URL field, copy and paste any one of the following URLs:
- Testing environment
- Production environment
Select Next to go to the next screen.
Under Provide a stack name, in the stack name field, enter the name of the stack (without spaces).
Under VPC configuration, select the VPCid and then select 2 public subnets from the dropdown belonging to the selected VPC.
Under RDS Configuration, in the RDSInstanceType field, select the database instance type from the dropdown, rest all fields can be left default. It is advised to select t3.large to avoid the risk of failure.
Under EC2 Configuration, in the InstanceType field, select the instance from the dropdown. It is advised to select m5.large to avoid the risk of failure.
In the KeyName field, select a key pair from the dropdown.
In the SSHLocation field, enter the IP address in CIDR format, for example 3.1.5.67/32, which is where you will log into your new EC2 instance.
In the AllowAPIAccessFrom field, enter the IP address of your application server in CIDR format, such as 3.1.5.67/32, which is where you will connect to Liminal SDK APIs.
Under Passwords, in the TarPassword field, enter a strong alphanumeric password. You will require this password to open a password-protected zip file in your S3 bucket.
Review your changes, tick the acknowledgement box and then select Submit to submit your changes.
Wait until all 18 resources are generated and the stack creation is completed.

Important: To prevent accidental deletion of your stack, go to the Stack actions dropdown on top right of your screen. Select Edit termination protection > Activated, and then save it.

Wait until all 18 resources are generated and the stack creation is completed.
Once the stack creation is completed, go to the S3 bucket which is created by the Stack.
Wait until the zip file is populated in the S3 bucket under Objects, containing all the important modules and components required for MPC.
Download this file to store a copy of it in the vault or password manager. This file can be opened using TarPassword that you created earlier.
Go to your EC2 Dashboard. Select Instances > Instances in the left panel. Select the instance that is created.
Log in and run the command docker ps to check if both the containers are running, as shown in the following screenshot.

Run the following commands to verify the installation.
1. curl http://localhost:8000/version
2. curl http://localhost:8081/info

Note that the version number in the above screenshot is for reference only. Your actual version may differ.

Run the following command by entering your elasticip to verify that your MPC server is running successfully.
curl http://elasticip:8081/info