Migrate centralized crypto exchange workloads to AWS – Part 1

This is the English version of the original post published in the AWS Indonesia blog.

Cryptocurrency exchanges are digital marketplaces where users trade various digital currencies like Bitcoin and Ethereum. The exchanges provide a secure environment where millions of people worldwide can participate in the cryptocurrency economy.The cryptocurrency trading landscape features two distinct types of exchanges: centralized (CEXs) and decentralized (DEXs). Centralized exchanges operate like traditional financial institutions, with companies managing user transactions and maintaining control over digital assets. In contrast, decentralized exchanges function through blockchain networks, without intermediaries and giving traders direct control over their funds.

Indonesia has emerged as a significant player in the global cryptocurrency market, ranking third in worldwide crypto adoption in 2024. The country hosts 30 officially registered centralized cryptocurrency exchanges, demonstrating the robust growth of digital asset trading in the region. In 2024, AWS has gained recognition as one of two cloud providers recommended by Indonesia’s financial authority, PT Central Finansial X (CFX), for cryptocurrency exchange operations.

This three-part series explores the world of centralized cryptocurrency exchanges and their implementation on AWS Cloud infrastructure. We share practical insights and technical guidance for building reliable, secure, and scalable cryptocurrency trading platforms. Part 1 (this post) examines the business model of centralized exchanges and presents reference architectures based on AWS services. Part 2 focuses on migration strategies and lessons learned, and upcoming Part 3 showcases real-world implementations from Indonesian cryptocurrency exchanges.

The series aims to help both new and established exchanges understand the benefits of cloud infrastructure in the digital asset trading ecosystem.

Crypto exchange business blueprint

Let’s first review key components of the CEX business blueprint, as illustrated in the following diagram.

1. Trade engine

At the center of cryptocurrency exchanges lies the trade engine. These engines work as stateless microservices that process and match trading orders. They communicate through specialized messaging systems for order management and trade matching.

When users place orders, the trading engine processes each request and matches buyers with sellers at the best available prices. The system stores all trading information in specialized services called trade feeds and order books. Crypto exchanges also use blockchain nodes and wallets to settle and store users’ crypto assets, acting as custodians. They can build their own blockchain infrastructure or use specialized services.

Modern trading engines integrate with blockchain technology to make asset trading faster and more efficient. This integration allows for quick order processing while maintaining secure asset management on the blockchain network.

2. Trade feeds and order books

The trade engine maintains the incoming stream of trading intentions in the order books service. These books maintain all open buy orders (bids) and sell orders (asks), along with their respective prices and quantities. It’s similar to a marketplace bulletin board where people actively post their intentions to buy or sell at various price points, before any actual transactions occur.Trade feeds, on the other hand, function as historical records of completed transactions, essentially documenting what has already occurred in the market. They record the final execution price of trades, the volume traded, the exact timestamp of execution, and whether it was a buy or sell transaction. You can think of trade feeds like a receipt book or transaction history—they provide a complete record of all finalized deals that have taken place on the exchange.

3. Market data distribution

Real-time market data plays a crucial role in keeping trading systems accurate and efficient. External providers supply current price information to trading engines, making sure transactions occur at fair market rates. This continuous flow of data helps maintain market integrity and supports informed trading decisions.

4. Analytics and user experience

The trading system collects data that helps detect unusual trading patterns and supports detailed business analysis and regulatory reporting. The collected data also enables exchanges to provide better services to users, including personalized portfolio management and improved trading experiences.

5. Liquidity providers and market makers

Professional market makers and liquidity providers play essential roles in maintaining healthy trading environments. These partners help create stable markets by consistently offering trading pairs and managing price fluctuations. The entire system operates under strict security measures, protecting user assets during all trading stages and maintaining careful monitoring of all transactions.

6. Security and monitoring

Security remains the top priority in cryptocurrency exchange operations. Exchanges implement comprehensive security measures throughout their systems to protect users’ assets through all key stages: onboarding, trading, and off-boarding. Regular monitoring occurs at both technical and business levels, with special attention to transaction safety and trading activity oversight.

Implementing the CEX blueprint on AWS

The following diagram illustrates how this business blueprint can be designed with AWS services.

1. At trade

The trading platform consists of four main modules: UI, API layer with core services, blockchain layer, and wallet layer. The frontend interface uses AWS Amplify for development and operation, with Amazon Route 53 handling domain names and Amazon CloudFront distributing content globally for fast access. Trading users need stable real-time connections, so we propose using WebSocket connections managed by a Network Load Balancer and Amazon EC2 Auto Scaling to maintain service during usage spikes. For core trading services, we suggest using AWS Fargate with either Amazon Elastic Container Service (Amazon ECS) or Amazon Elastic Kubernetes Service (Amazon EKS) to run and scale containerized applications. The blockchain nodes will operate on Amazon Elastic Compute Cloud (Amazon EC2) instances using both regular x86 and cost-efficient Amazon Graviton processors. For wallet security, we recommend AWS Key Management Service (AWS KMS) and AWS Nitro Enclaves to protect blockchain keys and sensitive operations.

2. Persistent data storage

We propose different storage services for different types of data:

• Amazon Aurora or Amazon Relational Database Service (Amazon RDS) for accurate trading records
• Amazon ElastiCache for storing frequently accessed pricing data
• Amazon DynamoDB for handling user information with quick access
• Amazon OpenSearch Service for advanced data searching
• Amazon Simple Storage Service (Amazon S3) for storing files and documents

3. Market data distribution

The platform needs to share market information in real time with many users. We propose using Amazon Kinesis or Amazon Managed Streaming for Apache Kafka (Amazon MSK) to handle continuous data streams. Amazon EventBridge will connect different parts of the system by routing events between services. This design lets services work independently while maintaining communication. EventBridge includes security features like filters, access controls, and data protection to keep events safe and trackable.

4. External provider connections

For connecting with outside partners like market makers and payment services, we recommend the following network solutions:

• AWS Transit Gateway for connecting multiple networks centrally
• NAT gateways for safe internet access
• AWS Site-to-Site VPN for secure connections with local networks
• AWS Direct Connect for fast private connections to AWS

5. Pre-trade (data analysis and machine learning)

For market analysis and trading support, we suggest the following services:

• Amazon S3, AWS Glue, and AWS Lake Formation to organize data
• Amazon Redshift and Amazon Athena to analyze large amounts of data
• Amazon Quick Sight to create visual reports
• Amazon SageMaker to build and run machine learning models
• Amazon Bedrock to manage AI-powered applications
• AWS Lambda to connect these services automatically

6. Security and system monitoring

The platform needs strong security and monitoring systems:

• Amazon CloudWatch to track system performance through metrics and logs
• AWS X-Ray to help find problems in applications
• AWS Identity and Access Management (IAM) to control who can access different services
• AWS Shield to protect against denial of service (DoS) attacks
• AWS CloudTrail to record all system actions
• Amazon GuardDuty to look for security threats
• AWS WAF to protect web applications from attacks
• AWS Security Hub to help manage all security information in one place

Conclusion

In Part 1 of our series, we detailed the fundamental components of centralized cryptocurrency exchanges and their implementation using AWS services. We explored how critical elements like trade engines, order books, and market data distribution can be built using AWS Cloud services. The architecture we’ve presented combines security measures, scalable infrastructure, and real-time data processing capabilities essential for modern crypto trading platforms. Part 2 will focus on practical migration strategies for existing exchanges moving to AWS, including technical challenges encountered during actual implementations in Indonesia’s crypto market.

About the authors