Commit 4b10a07

Author: Simon Goldberg (committed)
downgraded instance type, and added mainnet sample config file
1 parent afc8a74 commit 4b10a07

File tree

3 files changed

+44
-1
lines changed

lib/xrp/README.md

+31
@@ -24,6 +24,37 @@ XRP node deployment on AWS. All nodes are configure as ["Stock Servers"](https:/
2424
2. The XRP nodes are accessed by dApps or development tools internally through [Application Load Balancer](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/introduction.html). RPC API is not exposed to the Internet to protect nodes from unauthorized access.
2525
3. The XRP nodes send various monitoring metrics for EC2 to Amazon CloudWatch.
2626

27+
## Well-Architected
28+
29+
<details>
30+
<summary>Review the for pros and cons of this solution.</summary>
31+
32+
### Well-Architected Checklist
33+
34+
This is the Well-Architected checklist for XRP nodes implementation of the AWS Blockchain Node Runner app. This checklist takes into account questions from the [AWS Well-Architected Framework](https://aws.amazon.com/architecture/well-architected/) which are relevant to this workload. Please feel free to add more checks from the framework if required for your workload.
35+
36+
| Pillar | Control | Question/Check | Remarks |
37+
|:------------------------|:----------------------------------|:---------------------------------------------------------------------------------|:-----------------|
38+
| Security | Network protection | Are there unnecessary open ports in security groups? | Please note that XRP sync ports remain open for outbound connections; Port 2459 and 51235 (TCP/UDP). |
39+
| | | Traffic inspection | AWS WAF could be implemented for traffic inspection. Additional charges will apply. |
40+
| | Compute protection | Reduce attack surface | This solution uses Amazon Linux 2 AMI. You may choose to run hardening scripts on it. |
41+
| | | Enable people to perform actions at a distance | This solution uses AWS Systems Manager for terminal session, not ssh ports. |
42+
| | Data protection at rest | Use encrypted Amazon Elastic Block Store (Amazon EBS) volumes | This solution uses encrypted Amazon EBS volumes. |
43+
| | | Use encrypted Amazon Simple Storage Service (Amazon S3) buckets | This solution uses Amazon S3 managed keys (SSE-S3) encryption. |
44+
| | Data protection in transit | Use TLS | The AWS Application Load balancer currently uses HTTP listener. Create HTTPS listener with self signed certificate if TLS is desired. |
45+
| | Authorization and access control | Use instance profile with Amazon Elastic Compute Cloud (Amazon EC2) instances | This solution uses AWS Identity and Access Management (AWS IAM) role instead of IAM user. |
46+
| | | Following principle of least privilege access | Privileges are scoped down. |
47+
| | Application security | Security focused development practices | cdk-nag is being used with appropriate suppressions. |
48+
| Cost optimization | Service selection | Use cost effective resources | AWS Graviton-based Amazon EC2 instances are being used, which are cost effective compared to Intel/AMD instances. |
49+
| Reliability | Resiliency implementation | Withstand component failures | This solution uses AWS Application Load Balancer with RPC nodes for high availability. |
50+
| | Resource monitoring | How are workload resources monitored? | Resources are being monitored using Amazon CloudWatch dashboards. Amazon CloudWatch custom metrics are being pushed via CloudWatch Agent. |
51+
| Performance efficiency | Compute selection | How is compute solution selected? | Compute solution is selected based on best price-performance, i.e. AWS Graviton-based Amazon EC2 instances. |
52+
| | Storage selection | How is storage solution selected? | Storage solution is selected based on best price-performance. |
53+
| Operational excellence | Workload health | How is health of workload determined? | Health of workload is determined via AWS Application Load Balancer Target Group Health Checks, on port 8545. |
54+
| Sustainability | Hardware & services | Select most efficient hardware for your workload | This solution uses AWS Graviton-based Amazon EC2 instances which offer the best performance per watt of energy use in Amazon EC2. |
55+
56+
</details>
57+
2758
## Setup Instructions
2859

2960
### Open AWS CloudShell
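Review bot: The Cost optimization, Performance efficiency and Sustainability rows state that "AWS Graviton-based Amazon EC2 instances are being used", but the sample configs added in this same commit set `XRP_CPU_TYPE="x86_64"` with the comment "ARM currently not supported" and default to i3.2xlarge, which is an x86 instance; either drop the Graviton claim or reword those three rows to describe the instance type actually deployed. In the Operational excellence row the health check is said to run "on port 8545", which is the Ethereum JSON-RPC default rather than a rippled port; confirm it matches the RPC port the rippled nodes listen on, since the only ports named elsewhere in this hunk are 2459 and 51235. In the Network protection row the remark "XRP sync ports remain open for outbound connections" does not answer the check, which asks about unnecessary open inbound ports in security groups; list which inbound ports are allowed and why. The summary line "Review the for pros and cons of this solution." is missing a word. On the "Use TLS" row, a self-signed certificate on the ALB forces RPC clients either to skip verification or to pin the certificate; consider pointing to an ACM-issued certificate (or a private CA) instead of a self-signed one.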
+12
@@ -0,0 +1,12 @@
1+
AWS_ACCOUNT_ID="xxxxxxxxxxx"
2+
AWS_REGION="xxxxxxxxxx"
3+
XRP_INSTANCE_TYPE="i3.2xlarge" #The solution was originally tested with the r7a.12xlarge instance type. Other instance types may work, but have not been extensively tested. i3.2xlarge is recommended for use by XRP Ledger
4+
XRP_CPU_TYPE="x86_64" # All options: "x86_64". ARM currently not supported
5+
DATA_VOL_TYPE="gp3" # Other options: "io1" | "io2" | "gp3" | "instance-store" . IMPORTANT: Use "instance-store" option only with instance types that support that feature, like popular for node im4gn, d3, i3en, and i4i instance families
6+
DATA_VOL_SIZE="2000" # Current required data size to keep both smapshot archive and unarchived version of it
7+
DATA_VOL_IOPS="12000" # Max IOPS for EBS volumes (not applicable for "instance-store")
8+
DATA_VOL_THROUGHPUT="700"
9+
XRP_HA_ALB_HEALTHCHECK_GRACE_PERIOD_MIN="60"
10+
XRP_HA_NODES_HEARTBEAT_DELAY_MIN="5"
11+
XRP_HA_NUMBER_OF_NODES="2"
12+
HUB_NETWORK_ID="mainnet"
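Review bot: `XRP_INSTANCE_TYPE="i3.2xlarge"` is paired with `DATA_VOL_TYPE="gp3"`, so the local NVMe instance store that an i3 instance ships with goes unused while a separate 2000 GB gp3 volume is provisioned and paid for; if i3.2xlarge is the recommended type, either set `DATA_VOL_TYPE="instance-store"` here or state why EBS is preferred, and add i3 to the list of instance-store families in that comment (it names im4gn, d3, i3en and i4i but not i3). The instance-type comment says i3.2xlarge "is recommended for use by XRP Ledger" but gives no source; link the recommendation so operators can check it against current rippled requirements. Minor: "smapshot" should be "snapshot", "like popular for node im4gn, d3, i3en and i4i" should read "such as the im4gn, d3, i3en and i4i families commonly used for nodes", and the `AWS_ACCOUNT_ID` placeholder has 11 characters where an account ID is 12 digits.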

lib/xrp/sample-configs/.env-sample-testnet

+1-1
@@ -1,6 +1,6 @@
11
AWS_ACCOUNT_ID="xxxxxxxxxxx"
22
AWS_REGION="xxxxxxxxxx"
3-
XRP_INSTANCE_TYPE="r7a.12xlarge"
3+
XRP_INSTANCE_TYPE="i3.2xlarge" #The solution was originally tested with the r7a.12xlarge instance type. Other instance types may work, but have not been extensively tested. i3.2xlarge is recommended for use by XRP Ledger
44
XRP_CPU_TYPE="x86_64" # All options: "x86_64". ARM currently not supported
55
DATA_VOL_TYPE="gp3" # Other options: "io1" | "io2" | "gp3" | "instance-store" . IMPORTANT: Use "instance-store" option only with instance types that support that feature, like popular for node im4gn, d3, i3en, and i4i instance families
66
DATA_VOL_SIZE="2000" # Current required data size to keep both smapshot archive and unarchived version of it
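Review bot: The new comment on the `XRP_INSTANCE_TYPE` line is word-for-word the one in the mainnet file and repeats the unsourced "recommended for use by XRP Ledger" statement; keep the recommendation in one place (the README) and reference it from both .env samples, or at least add the link in both. The commit message describes this as a downgrade from r7a.12xlarge to a much smaller instance, yet the README changes in this commit say nothing about i3.2xlarge or the expected effect on sync time and RPC throughput; document that alongside the instance-type change so testnet operators know what to expect. The unchanged `DATA_VOL_SIZE` context line still carries the "smapshot" typo.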
