Forem: Anthony Law

Symbol Mosaic Revocation Transaction In Metaverse

Anthony Law — Wed, 01 Dec 2021 10:24:39 +0000

Introduction

In the new catapult-client v1.0.3.0, Symbol has added a Mosaic Supply Revocation transaction type and a Revokable mosaic flag.

Mosaic Supply Revocation allows the mosaic creator to collect back any mosaics flagged as Revokable from whoever holds them, at anytime.

How it works

The Mosaic Supply Revocation transaction only works with Revokable Mosaics.

As an example, imagine a private property in the XYM City metaverse, where you must have access permission from the property owner to enter.

Let's assume a private property called Bull Fight Club. Users must own a BFC.daily-pass mosaic to enter the club, which can be purchased from the counter.

Bull Fight Club will issue one BFC.daily-pass revokable mosaic to a user once received the 10 XYM payment.

When daily pass expires, Bull Fight Club can issue a Mosaic Supply Revocation transaction to collect back the BFC.daily-pass without user interaction.

Example code

Create revokable mosaic

I just want to highlight the new code. Refer to the full example here.

When creating Revokable mosaics, I suggest you also make Transferable=false to prevent the recipient from transferring the mosaic to another account. Otherwise, recovering the mosaic will be harder.

const BFC_Operator = Account.createFromPrivateKey(privateKey, networkType);

const isSupplyMutable = true;
const isTransferable = false; <-- prevert recipient trasfer to other
const isRestrictable = true;
const isRevokable = true; <--- New flag

const nonce = MosaicNonce.createRandom();
const mosaicDefinitionTransaction = MosaicDefinitionTransaction.create(
  Deadline.create(epochAdjustment),
  nonce,
  MosaicId.createFromNonce(nonce, BFC_Operator.address),
  MosaicFlags.create(isSupplyMutable, isTransferable, isRestrictable, isRevokable),
  0, // divisibility
  UInt64.fromUint(0), // duration
  networkType,
);

Mosaic Supply Revocation transaction

This transaction allows the mosaic owner to collect back revokable mosaic from the specified holder.

const mosaicSupplyRevocationTransaction = MosaicSupplyRevocationTransaction.create(
  Deadline.create(epochAdjustment),
  holderAddress,
  new Symbol.Mosaic(new 
    Symbol.MosaicId('revokable_mosaic_id'), 
    Symbol.UInt64.fromUint(1)), // mosaic unit 
  networkType,
  maxFee,
)

Summary

The Revokable mosaic flag and the Mosaic supply revocation transaction are super handy for the business operator who likes to control supply and reuse mosaics.

In my opinion, the benefit to using it is that the owner of the mosaic can easily control the mosaic supply, and collect back the mosaics without the user paying any fees. The downside is that the holder of the mosaic does not have any control over it.

Just be cautious, revokable mosaics are not suitable to represent currency/token or share. When doing any mosaic trading, always ensure you understand the mosaic flags and purpose. Keep in mind that any received revokable mosaics can be reclaimed at any time without your consent!

If you would like to know more about Symbol, please join the Discord.

Special thanks to Xavi for reviewing this article.

Symbol-GraphQL Server

Anthony Law — Mon, 07 Dec 2020 18:02:01 +0000

I'm a big fan of GraphQL. I had been following them quite some times but did not have the opportunity to work on it for any project.

Besides that, Symbol is my favorite blockchain project. I like to take this opportunity to build something cool.

I decided to build Symbol-graphql as my personal side project. I hope it can benefit the Symbol or NEM community with this project.

What is Symbol-GraphQL.

Before that, you may wonder what GraphQL is.

GraphQL is developed by Facebook and open source in 2015. It's a query language for frontend developers in executing queries with existing data. Besides, it can optimize REST API calls. It gives a declarative way of fetching and updating your data. If you are interested, get more detail can visit GraphQL.

Summary, Graphql provided a single endpoint responsible for accepting queries, rather than relying on the REST API approach of having separate endpoints for each service.

So I believe you have an idea of what is Symbol-graphql. It not to replace REST API getaway, but It provides an alternative way to retrieve symbol blockchain data just write the query.

In Symbol-grahpql server we will use symbol-openapi as a data source, and use Graphql-mesh to setup graphql server.

What makes it different

I hope the diagram can make you understand. The client can define the data we need, and make a single request to the graphql server endpoint, and the symbol-graphql server will take care and handle the rest of the communication into the Symbol API node.

Why should use GraphQL in Symbol.

As GraphQL server is provided a lot of benefit between frontend and backend development.

Developer can always define different types of data in the client application, without altering the backend server in the REST API server.
It has a huge improvement for data transfer speed between the Client application and network, you may need to request 3 API endpoints to get the data, rather than just request a single query from the symbol-graphql server.
It reduces network cost because it uses less bandwidth to transfer data. A big plus for mobile applications.
It enhances client application performance and efficiency because it takes less time to load data from the network.

Playground

The Playground is a user interface to allow users to interact with the graphql server. You can write or test any query inside the playground interface before doing any development.

The Left side window in the Playground is allowed users to write queries. Play button is for executing the query, and the Right side window is showing the result.

To check out more data types and schemes, you can click on Docs and Schemas on the right side.

Tips: Press Ctrl + Space (or use Shift + Space as an alternate keyboard shortcut) to bring up the auto-complete window and Ctrl + Enter to run the GraphQL query.

let try it Playground.

How to implement symbol-graphql in your project.

These are a few of the graphql client libraries you can install in your project. One of my favorites client is Apollo

I will update more info and setup once have more free time.

Conclusion

Symbol-graphql server still in the early development stage, other than block schemes, the rest still working in progress such as Account, Transaction, Mosaic, Namespace and etc, and of course, it supports all the query import from symbol-openapi as well.

I'm welcome anyone from the community who is interested and like to contribute and work together.

Check out on Github: Symbol-graphql

Setup catapult node using Terraform

Anthony Law — Wed, 18 Dec 2019 01:23:11 +0000

Catapult harvesting reward program is so attractive, you may want to learn how to setup node for harvesting before the mainnet is up.

I like to share with you how you can write an infrastructure as code to deploy your catapult server in your terminal.

Introduction

Terraform is very powerful tools for devops, it can write a plan (infrastructure as code) and manage your cloud service.

as mentioned cloud service, there is a list of the cloud provider supported by terraform, in this case, it using Digital Ocean (DO). In case you are not DO user, register uses my referrals link, you will get $100 in credit over 60 days.

Write a plan to setup the infrastructure, and some of the script you wish to execute after server provision completed.
Terraform will follow the "plan" to execute, starting provision a server.
After the provision is completed, it will start to execute all the script.
The script will start pulling catapult server code from GitHub plus install essential tools such as docker.

Objectives

Provision server from Digital Ocean.
Install essential tools such as docker.
download catapult server code from Github.
Deploy catapult node and join Testnet.
Deploy all in terminal.

Prerequisites

Install Terraform in your local machine
Register DO account

Hands-on

1. DO Account Setup (you can skip, if you already have it)
Add ssh-key in your DO account, it's easy for terminal ssh access to Droplet later.

1.1 let generate ssh key without passphrase in your local machine.

ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/catapult_node

1.2 copy catapult_node.pub to DO account. Tutorial

1.3 create access token for later terraform use. Tutorial

2. Terraform
If you are new in Terraform, can start from here

let write infrastructure plan, I created 4 different files, which is firewall.tf, main.tf, variables.tf, output.tf

In firewall.tf, we need define few inbound port for catapult use.

resource "digitalocean_firewall" "catapult-node" {
    name = "ssh-and-catapult-port"
    droplet_ids = ["${digitalocean_droplet.catapult-node.id}"]

    inbound_rule {
        protocol         = "tcp"
        port_range       = "22" // ssh access 
        source_addresses = ["0.0.0.0/0", "::/0"]
    }

    inbound_rule {
        protocol         = "tcp"
        port_range       = "3000" // Catapult Api endpoint
        source_addresses = ["0.0.0.0/0", "::/0"]
    }

    inbound_rule {
        protocol         = "tcp"
        port_range       = "7900-7902" // Catapult peer communication
        source_addresses = ["0.0.0.0/0", "::/0"]
    }
}

In variables.tf, define the variables need to be use in the server provision. here we need DO access token, and private_key for ssh login. so we no longer need for password.

variable "do_token" {
    default = "your_DO_Access_Token" // refer 1.3
}

variable "private_key" {
    default = "~/.ssh/catapult_node" // refer 1.1
}

In output.tf, print out the output return from Terraform. After Terraform successful provision, it will print the server ip address in terminal.

output "fip_output" {
    description = "Droplet ipv4 address"
    value = "${digitalocean_droplet.catapult-node.*.ipv4_address}"
}

Last main.tf, this is an important part because all the server spec and script execution will be here.

// We are pointing "digitalocean" as our provider.
provider "digitalocean" {
  token = "${var.do_token}"
}

// request ssh public key from DO account refer 1.2
data "digitalocean_ssh_key" "mykey" {
  name = "catapult_node"
}

// define droplet spec
// https://developers.digitalocean.com/documentation/v2/#list-all-sizes
// define server spec base on your need.
resource "digitalocean_droplet" "catapult-node" {
    image = "ubuntu-18-04-x64"
    name = "catapult-node-1"
    region = "sgp1"
    size = "s-1vcpu-2gb" // server spec
    ssh_keys = ["${data.digitalocean_ssh_key.mykey.id}"] // attach public key from my DO account

// script to install docker tools and git pull catapult-server-code
    provisioner "remote-exec" {

      inline = [
        "export PATH=$PATH:/usr/bin",
        "curl -fsSL https://get.docker.com -o get-docker.sh",
        "sudo sh get-docker.sh",
        "curl -L https://github.com/docker/compose/releases/download/1.22.0/docker-compose-`uname -s`-`uname -m` | sudo tee /usr/local/bin/docker-compose > /dev/null",
        "sudo chmod +x /usr/local/bin/docker-compose",
        "sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose",
        "git config --global --unset http.proxy",
        "git config --global --unset https.proxy",
        "git clone https://github.com/nemfoundation/catapult-testnet-bootstrap.git",
        "cd catapult-testnet-bootstrap/api-harvest-assembly",
        "sudo docker-compose up --build --detach"
      ]

// for SSH connection to execute script
      connection {
        type     = "ssh"
        private_key = "${file(var.private_key)}"
        user     = "root"
        timeout  = "2m"
        host = "${self.ipv4_address}"
      }
  }
}

play around with

git clone https://github.com/AnthonyLaw/catapult-terraform

cd catapult-terraform

terraform init - to init terraform project.

terraform apply - to create droplet in your DO account

// output message
...
...
digitalocean_droplet.catapult-node (remote-exec): Creating api-harvest-assembly_db_1 ...
digitalocean_droplet.catapult-node (remote-exec): Creating api-harvest-assembly_api-broker_1 ...
digitalocean_droplet.catapult-node (remote-exec): Creating api-harvest-assembly_store-addresses_1        ... done
digitalocean_droplet.catapult-node (remote-exec): Creating api-harvest-assembly_api-broker_1             ... done
digitalocean_droplet.catapult-node (remote-exec): 
digitalocean_droplet.catapult-node (remote-exec): Creating api-harvest-assembly_update_vars_1            ... done
digitalocean_droplet.catapult-node (remote-exec): 
digitalocean_droplet.catapult-node (remote-exec): Creating api-harvest-assembly_init-db_1                ... done
digitalocean_droplet.catapult-node (remote-exec): Creating api-harvest-assembly_rest-gateway_1           ... done
digitalocean_droplet.catapult-node (remote-exec): 
digitalocean_droplet.catapult-node: Still creating... [3m40s elapsed]
digitalocean_droplet.catapult-node: Creation complete after 3m45s [id=171927070]
digitalocean_firewall.catapult-node: Creating...
digitalocean_firewall.catapult-node: Creation complete after 9s [id=98a6e7ed-c54a-4c0c-91b0-f0848fabfa68]

Apply complete! Resources: 2 added, 0 changed, 0 destroyed.

Outputs:

fip_output = [
  "104.248.153.68",
]

Once Apply complete, you can visit <ip>:3000/chain/height to ensure your catapult server are successful setup.

terraform destroy - to destroy droplet in your DO account

Do you really want to destroy all resources?
  Terraform will destroy all your managed infrastructure, as shown above.
  There is no undo. Only 'yes' will be accepted to confirm.

  Enter a value: yes

digitalocean_firewall.catapult-node: Destroying... [id=98a6e7ed-c54a-4c0c-91b0-f0848fabfa68]
digitalocean_firewall.catapult-node: Destruction complete after 10s
digitalocean_droplet.catapult-node: Destroying... [id=171927070]
digitalocean_droplet.catapult-node: Still destroying... [id=171927070, 10s elapsed]
digitalocean_droplet.catapult-node: Still destroying... [id=171927070, 20s elapsed]
digitalocean_droplet.catapult-node: Destruction complete after 22s

Destroy complete! Resources: 2 destroyed.

Summary

Once your catapult node is up and running, you can easy change your harvesterPrivateKey and beneficiaryPublicKey in your node.

With Terraform, you can easy to write the infrastructure plan to setup any server and join the catapult network.

NEM Catapult for common use Multisig Account

Anthony Law — Tue, 10 Dec 2019 12:54:09 +0000

Integrate blockchain account into existing user management system.

They are a lot of companies are interested in integrating blockchain into the current existing system. The first thing how to integrate the blockchain Account (wallet) to pair with their current existing user.

The most common solution is to help the user to manage the private key and store it into a database.

In my opinion, the first may user don't know how to take care of the private key, because the private key never recovers like “password”. Another reason it may be hard to do a secure way in a smart contract.

That is not a good solution, because it’s not the decentralized solution and account security is not guaranteed. The blockchain account asset can be controlled by the company or the system admin. In security-wise, if the system admin accidentally deletes the database, otherwise the company needs to spend extra cost to maintain the database.

Introduce NEM Catapult Blockchain

It’s a powerful blockchain engine, as a developer, it’s easy to implement and fast to integrate into any existing system.

Catapult provided a lot of on-chain features, which multisig account is one of it, and we will be using Multisig Account to apply into user management solution.

In this example, the company name called Catapult Academy provided NEM catapult related training and let participate enroll exam. Once the exam pass, Catapult Academy will certify the participant.

The company like to Integrate NEM blockchain into the current existing system, to make the user traceability, in the future, all digital certificate will distribution via NEM blockchain.

Integrate Multisig Account to existing user in database

In this diagram, we link 3 NEM Account as cosignatories to Multisig Account. In this example, we have Catapult Academy Admin, User Management Admin and User.

With this solution

Users able to control the Multisig account by his own account.
Every transaction detail can track using the Multisig Account.
The multisig Account condition need to configure 1 minimum approval and 2 minimum removal.

1 minimum approval

User can directly to interact with his multisig Account, without anyone else permission.

2 minimum removal

Only Catapult Academy Admin and User Management Admin can remove the User cosigner public key if users lose the account.

In the solution, user are freely control the multisig account, even if user lose the account, user can just recreate the new NEM account and link back to multisig account.

High level overview flow (onboard user)

User have to submit public key to the system.
Once user public key available, system will generate Multisig account and prepare multisig tranaction.
- System can randomly generate Multisig Account
- Multisig configuration
Announce Aggregate bonded transaction to network.
Update Multisig Account in existing user database.
Related cosignatories must cosign the transaction.

Highlight

// Random account generation
const { Account, NetworkType } = require('nem2-sdk')
Account.generateNewAccount(NetworkType.TEST_NET)

// Convert NEM account to Multisig account
const multisigAccountModificationTransaction = MultisigAccountModificationTransaction.create(
    Deadline.create(),
    1, // minimum approval
    2, // minimum removal
    [userManagementAdminAccount.publicAccount, catapultAcademyAdminAccount, userAccount],
    [],
    NetworkType.TEST_NET,
    UInt64.fromUint(200000) // fees
);

High level overview flow (update publickey for exisitng multisig account)

User have to submit new public key to system.
System will prepare Multisig account modification.
- Retrive the old user public key from multisig account.
- Remote old user public key and assign the new user public key to multisig account.
Announce aggregate bonded transaction to network.
Related cosignatories must cosign the transaction.

Highlight

// Retrive cosignatories and fliter old user public key

const multisigHttp = new MultisigHttp(endpoint);
let oldUserPublicKey = await multisigHttp
    .getMultisigAccountInfo(MutlisigAccount)
    .toPromise()

// Remote `old user public key` and assign the `new user public key` to multisig account

const multisigAccountModificationTransaction = MultisigAccountModificationTransaction.create(
    Deadline.create(),
    0,
    0,
    [newUserAccount], // Add 
    [oldUserAccount], // Remote
    networkType,
    UInt64.fromUint(200000)); // Fees

Summary

As we can see, with this solution, everything is tracking on-chain decentralized. The user database just only needs to add a multisig account record. The benefit for this design, decentralized account management, worry-free for users lose the private key, it won't affect the multisig account. It may be expensive to create Multisig account for every user, but for the long term, it's more secure and gains the decentralized advantage on the blockchain.

I believe the solution can implement in many areas, such as National Voting, Exchange Catapult Wallet, Foreigner digital ID border control and etc.

Terraform for Beginner - AWS

Anthony Law — Sat, 01 Jun 2019 15:52:30 +0000

Learning journey #RoadToDevOps

Last week I pick Terraform as my study and learning topic.

Terraform are very useful and powerful tools for DevOps development, it allows you writing a plan (Infrastructure as Code) and manage your cloud service.

which mean you can write a cloud infrastructure in coding, such as define how many instanse services, what port number you should active in the firewall. It's interesting to handling so many servers just a few lines of code.

Introduction

By using Terrafrom to deploy a virtual machine (ubuntu OS) in AWS EC2.

Objectives

In this article, you should able:

Setup AWS account
Use Basic Terraform-CLI command
Writing Terraform Language (HCL)
Deploy Virtual machine (EC2) in AWS cloud.

AWS Setup

If you are new in AWS please sign up here enjoy AWS Free Tier

We need User's Access Key ID and Secret Key ID from AWS User, and grant promission to User with AmazonEC2FullAccess.

if you dont know how to create user -> watch this

Terraform

Ensure your machine are Install Terraform.

We know if you writing in javascript programming, you will name the file extension as *.js. In Terraform the will define the extension as *.tf and using JSON format or HCL (HashiCorp Configuration Language).

You may feel strange what is HCL (HashiCorp Configuration Language). No worry, It's not complicated and easy to learn and understand. HCL Docs

Once you have done your *.tf script, you have to use Terrform-CLI to execute tf files.

Hands-on

We will use keywords from HCL.

keywords	description	example
provider	define cloud service provider	aws, google
resource	define the resource we will use	aws_instance, google_compute_instance
variable	define variable	-
output	print output after executed	-

We will use keywords from Terraform CLI.

keywords	description
init	To init terraform project in the folder
plan	To evaluate current your infrastructure from `*.tf`
apply	To add all define resources.
show	To list resource infomation and current state
destroy	To remove all defined resources.

start

Create a folder in your machine.
create a files my-first-vm.tf.
Open the files in the editor and start code.

# my-first-vm.tf

# We are pointing "aws" as our provider.

provider "aws" {
    region = "ap-southeast-1"
    access_key = "<access-key-from-aws-user>"
    secret_key = "<secret-key-from-aws-user>"
}

command:

$ terraform init

Initializing provider plugins...

The following providers do not have any version constraints in configuration,
so the latest version was installed.

* provider.aws: version = "~> 2.12"

Terraform has been successfully initialized!

append resource "aws_instance" in my-first-vm.tf

provider "aws" {...}

resource "aws_instance" "ec2" { # I called name "ec2", you can change it
  ami = "ami-0dad20bd1b9c8c004" # Image: Ubuntu Server 18.04 LTS (HVM), SSD Volume Type
  instance_type = "t2.micro" # VM Spec
}

command:

$ terraform plan

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  + aws_instance.ec2
      id:                           <computed>
      ami:                          "0dad20bd1b9c8c004"
      arn:                          <computed>
      associate_public_ip_address:  <computed>
      availability_zone:            <computed>
      cpu_core_count:               <computed>
      cpu_threads_per_core:         <computed>
      ebs_block_device.#:           <computed>
      ephemeral_block_device.#:     <computed>
      get_password_data:            "false"
      host_id:                      <computed>
      instance_state:               <computed>
      instance_type:                "t2.micro"
      ipv6_address_count:           <computed>
      ipv6_addresses.#:             <computed>
      key_name:                     <computed>
      network_interface.#:          <computed>
      network_interface_id:         <computed>
      password_data:                <computed>
      placement_group:              <computed>
      primary_network_interface_id: <computed>
      private_dns:                  <computed>
      private_ip:                   <computed>
      public_dns:                   <computed>
      public_ip:                    <computed>
      root_block_device.#:          <computed>
      security_groups.#:            <computed>
      source_dest_check:            "true"
      subnet_id:                    <computed>
      tenancy:                      <computed>
      volume_tags.%:                <computed>
      vpc_security_group_ids.#:     <computed>


Plan: 1 to add, 0 to change, 0 to destroy.

it showing infrastructure going to execute, you will see computed it's because the terraform will help you assign the value, if you are not defined.

In additional, you see Plan: 1 to add, 0 to change, 0 to destroy. it mean 1 resource will be executed.

So in this stage, actually you already completed setup an instance.

command:

$ terraform apply
Terraform will perform the following actions:

  + aws_instance.ec2

...

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

...

aws_instance.ec2: Still creating... (10s elapsed)
aws_instance.ec2: Still creating... (20s elapsed)
aws_instance.ec2: Creation complete after 22s (ID: i-083d6c6c7b01d1640)

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Congratulations, you are successful setup an instance EC2 in AWS, you may login and check it out in AWS dashboard.

Try on this command to get resource infomation.

$ terraform show 

aws_instance.ec2:
  id = i-083d6c6c7b01d1640
  ami = ami-0dad20bd1b9c8c004
  arn = arn:aws:ec2:ap-southeast-1:907443295242:instance/i-083d6c6c7b01d1640
  associate_public_ip_address = true
...
...

!!!!

But wait, how you able to access without setup ssh in the firewall.

let append resource "aws_security_group" in my-first-vm.tf

provider "aws" {...}

resource "aws_instance" "ec2" {...}

# Setup aws_security_group with SSH access

resource "aws_security_group" "allow_ssh" {
  name        = "allow ssh"
  description = "only ssh"

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "TCP"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port       = 0
    to_port         = 0
    protocol        = "-1"
    cidr_blocks     = ["0.0.0.0/0"]
  }
}

Now we have let our "ec2" instance to apply "aws_security_group" we define, and also assign keypair for the instance.

so we can use the keypair to access instance with port ssh 22.

if you dont know how to create keypair in AWS, watch this

provider "aws" {...}

resource "aws_instance" "ec2" { # I called name "ec2", you can change it
  ami = "ami-0dad20bd1b9c8c004" # Image: Ubuntu Server 18.04 LTS (HVM), SSD Volume Type
  instance_type = "t2.micro" # VM Spec
  security_groups = ["${aws_security_group.allow_ssh.name}"]
  key_name = "aws-anthony"
}

# Setup aws_security_group with SSH access

resource "aws_security_group" "allow_ssh" {...}

command:

$ terraform apply
aws_instance.ec2: Refreshing state... (ID: i-083d6c6c7b01d1640)

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create
-/+ destroy and then create replacement

Terraform will perform the following actions:

-/+ aws_instance.ec2 (new resource required)
...
...

+ aws_security_group.allow_ssh
...
...

Plan: 2 to add, 0 to change, 1 to destroy.
...
...
...
aws_instance.ec2: Still creating... (10s elapsed)
aws_instance.ec2: Still creating... (20s elapsed)
aws_instance.ec2: Creation complete after 32s (ID: i-079e9b8c1d98e4af5)

Apply complete! Resources: 2 added, 0 changed, 1 destroyed.

You may see it's different from just now, because terraform will keep track all resource status in *.tfstate.
So it shows that, it will destroy the previous instance and recreate again.

great, you now can check it out in your AWS dashboard.

finally, you successfully create an instance in Ubuntu OS. It's trouble to login AWS dashboard and checking what is the instance public ip address.

you may use output keywords to display the public IP address.

provider "aws" {...}

resource "aws_instance" "ec2" {...}

resource "aws_security_group" "allow_ssh" {...}

output "showPublicIP" {
  value = "${aws_instance.ec2.*.public_dns}"
}

$ terraform apply 

aws_security_group.allow_ssh: Refreshing state... (ID: sg-0ca7e9133a701f216)
aws_instance.ec2: Refreshing state... (ID: i-079e9b8c1d98e4af5)

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

Outputs:

showPublicIP = [
    ec2-3-0-184-126.ap-southeast-1.compute.amazonaws.com
]

ssh -i aws-anthony.pem ubuntu@ec2-3-0-184-126.ap-southeast-1.compute.amazonaws.com

Summary

Terraform always execute the *tf in folder, each infrastructure should create a folder, such as aws-instance or google-instance.

if you feel put everything in 1 .tf file is to mess, you may seperate in different .tf such as aws_provider.tf , aws_security.tf

example code

store sepearte example