Getting Started

Cloud Setup

Cloud setup is an advanced topic.

The ideal setup for running Trademade is in the cloud. A cloud setup provides enhanced reliability and requires very little maintenance after the initial set up.

This guide will describe how to set up Trademade to run in Amazon EC2. Although this guide is specific to EC2, any other cloud provider could be used.

This guide makes some assumptions:

  • You have an AWS account and basic familiarity with EC2.
  • Familiarity with the Linux command line.
  • Familiarity with ssh.

Prerequisites

To run Trademade in the cloud, it's best to set up a secondary login account with Interactive Brokers. This ensures that Trademade will not lose its market data connections if you log in to TWS from another computer or from mobile.

The secondary login account requires a separate set of market data subscriptions. See the Prerequisites section for a listing of the required subscriptions.

It usually takes a few days for Interactive Brokers to provision a secondary account.

Once the secondary login account has been created, it's best to secure it in the following ways:

  • Remove all permissions from the account, other than trading permissions.
  • Add IP restrictions so that the account can only be logged into from your EC2 instance (using an Elastic IP).

For AWS, it's recommended to enable encryption by default.

Custom AMI

Trademade has built a custom AMI (Amazon Machine Image) that has all of the required dependencies:

  • IB Gateway (version 1019).
  • IBC is used to automate the operation of IB Gateway.

The AMI can be accessed from the Account page. You'll need to provide your AWS account ID to obtain access.

Once you have access, launch a new EC2 instance using the Trademade AMI. The instance should be in the us-east-1 region. The recommended instance type is a t3.small (t2 instances are fine as well) instance with 2GB RAM. Provision 16GB of gp3 storage for the instance.

When setting up a security group, SSH is the only required inbound rule, and it should be configured to only allow access from your IP address.

Once the instance has been set up, provision an Elastic IP address and assign it to the instance.

Configuration

Once the instance has started and is available, use an SSH client to ssh to the instance. The login username is ubuntu, and you must use public key authentication, using the keypair you specified when creating the instance.

The configuration for IBC is in the /home/ubuntu/ibc directory, while Trademade configuration is in /home/ubuntu/trademade.

If you already have a config.yaml and trademade.db files, you can copy them over to the /home/ubuntu/trademade directory on instance using either scp or WinSCP on Windows.

There is a setup script in the home directory called trademade_setup. Once logged in, you can run it via:

./trademade_setup

The script will prompt you for your:

  • Trademade API key
  • IBKR trading mode (paper or live)
  • IBKR login account
  • IBKR password (this will not be echoed to the screen)
  • IBKR account number
  • Telegram username
  • Telegram API key

Once you've entered this information, the script will:

  • Download and install the latest version of Trademade.
  • Configure IBC.
  • Update the Trademade config.yaml file.
  • Enable and start the ibc and trademade systemd services.

When the script completes successfully, Trademade should start up within a few minutes.

If you have not copied over an existing trademade.db file, you will need to send a message to the Telegram bot to initiate a conversation.

FAQ

How do I change my account credentials?

You can re-run the trademade_setup script multiple times. Hitting enter will use the current value of the parameter.

The script will restart IBC and Trademade systemd services.

Are my account credentials secure?

The only way to access the cloud instance is using SSH with the keypair used to create the instance. It is recommended to also configure the instance security group to only allow access from IP addresses under your control. Trademade has no access to your cloud instance.

IBC stores account credentials in a file on disk. It is recommended to enable encryption by default on your AWS account to encrypt all EBS volumes.

How do Trademade and IB Gateway work in the instance?

IB Gateway is controlled through IBC. IBC runs as a systemd service daemon named ibc. If IB Gateway is shut down, the IBC daemon will automatically restart it.

IBC (and IB Gateway) can use the systemctl command to start, stop or restart IB Gateway. For example, the following command will stop IBC:

sudo systemctl stop ibc

The following command will restart IBC:

sudo systemctl restart ibc

Similarly, Trademade also runs as a systemd service daemon named trademade. The stop, start, and restart systemctl commands can be used to manage the Trademade service.

How can I access IB Gateway?

The Trademade AMI runs a virtual VNC server that is accessible through an SSH local port forwarding tunnel. The VNC server is running on localhost port 5900. With an SSH tunnel defined, you can use VNC Viewer to connect to the VNC service and access IB Gateway.

Previous
Running Trademade