Cloud Deployment
Deploy Ethereum nodes on AWS, GCP, or Azure. Learn about instance selection, storage optimization, and cost management.
Cloud Providers
AWS
Most popular choice with extensive blockchain-optimized instances.
Recommended Instance Types
| Instance | CPU | RAM | Storage | Est. Cost |
|---|---|---|---|---|
r6i.2xlarge | 8 vCPU | 64 GB | EBS gp3 | ~$300/mo |
r6i.4xlarge | 16 vCPU | 128 GB | EBS io2 | ~$600/mo |
i3en.2xlarge | 8 vCPU | 64 GB | 2x 2.5TB NVMe | ~$500/mo |
Tips
- Use gp3 EBS volumes (minimum 16,000 IOPS for full sync)
- Consider i3en instances with local NVMe for best performance
- Use Reserved Instances for 30-60% savings
- Place nodes in regions close to your users
GCP
Excellent network performance and persistent disk options.
Recommended Instance Types
| Instance | CPU | RAM | Storage | Est. Cost |
|---|---|---|---|---|
n2-highmem-8 | 8 vCPU | 64 GB | SSD PD | ~$280/mo |
n2-highmem-16 | 16 vCPU | 128 GB | SSD PD | ~$560/mo |
c2d-highmem-8 | 8 vCPU | 64 GB | Local SSD | ~$350/mo |
Tips
- Use SSD Persistent Disks with high IOPS
- Consider Committed Use Discounts (1 or 3 year)
- Use c2d instances for compute-intensive workloads
- GCP has excellent network egress pricing
Azure
Strong enterprise features and hybrid cloud capabilities.
Recommended Instance Types
| Instance | CPU | RAM | Storage | Est. Cost |
|---|---|---|---|---|
E8as_v5 | 8 vCPU | 64 GB | Premium SSD | ~$290/mo |
E16as_v5 | 16 vCPU | 128 GB | Premium SSD | ~$580/mo |
L8s_v3 | 8 vCPU | 64 GB | 1.92TB NVMe | ~$450/mo |
Tips
- Use Premium SSD v2 for best performance
- L-series VMs have local NVMe storage
- Consider Azure Reserved VM Instances
- Use Availability Zones for high availability
Storage Recommendations
Full Node
- Minimum Size1 TB
- Recommended2 TB NVMe
- IOPS Required16,000+
- Throughput500+ MB/s
Archive Node
- Minimum Size14 TB
- Recommended16+ TB NVMe
- IOPS Required32,000+
- Throughput1000+ MB/s
Storage Performance is Critical
Slow storage is the #1 cause of sync issues. Always use NVMe or high-IOPS SSD. Never use standard HDD or magnetic storage.
Infrastructure as Code (AWS)
# Ethereum Node on AWS
provider "aws" {
region = "us-east-1"
}
# VPC and Security Group
resource "aws_security_group" "ethereum_node" {
name = "ethereum-node"
description = "Security group for Ethereum node"
ingress {
description = "P2P TCP"
from_port = 30303
to_port = 30303
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
description = "P2P UDP"
from_port = 30303
to_port = 30303
protocol = "udp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
description = "RPC (restrict in production)"
from_port = 8545
to_port = 8545
protocol = "tcp"
cidr_blocks = ["10.0.0.0/8"] # Internal only
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}
# EC2 Instance
resource "aws_instance" "ethereum_node" {
ami = "ami-0c55b159cbfafe1f0" # Ubuntu 22.04
instance_type = "r6i.2xlarge"
root_block_device {
volume_size = 50
volume_type = "gp3"
}
security_groups = [aws_security_group.ethereum_node.name]
tags = {
Name = "ethereum-node"
}
}
# EBS Volume for Blockchain Data
resource "aws_ebs_volume" "blockchain_data" {
availability_zone = aws_instance.ethereum_node.availability_zone
size = 2000 # 2 TB
type = "gp3"
iops = 16000
throughput = 500
tags = {
Name = "ethereum-data"
}
}
resource "aws_volume_attachment" "blockchain_data" {
device_name = "/dev/xvdf"
volume_id = aws_ebs_volume.blockchain_data.id
instance_id = aws_instance.ethereum_node.id
}Cost Optimization
Typical Cost Breakdown
VM instances, Reserved capacity
SSD/NVMe volumes, Snapshots, Backups
Data transfer, Load balancers, IPs
Monitoring, Logging, DNS
Cost Saving Tips
Reserved Instances
Save 30-60% with 1-3 year commitments
Spot Instances for Non-Critical
Use spot for read replicas, up to 90% savings
Right-Size Storage
Provision only what you need, expand later
Snapshot Management
Keep snapshots in cheaper storage tiers
Estimated Monthly Costs
$200-300
Single Full Node
$500-800
HA Setup (3 nodes)
$800-1200
Archive Node
Security Best Practices
Network Security
- • Place nodes in private subnets
- • Use VPN or bastion for SSH access
- • Restrict RPC to internal networks only
- • Use security groups/firewall rules
Data Protection
- • Encrypt EBS volumes at rest
- • Use TLS for RPC connections
- • Regular automated backups
- • Rotate JWT secrets periodically
Access Control
- • Use IAM roles, not access keys
- • Implement least-privilege access
- • Enable CloudTrail/audit logging
- • Use MFA for all admin access
Monitoring
- • Set up CloudWatch/Stackdriver alerts
- • Monitor for unusual API patterns
- • Track failed authentication attempts
- • Enable DDoS protection (Shield/Armor)