This Guidance shows how you can manage your non-fungible token (NFT) workloads on the Ethereum blockchain network. It includes a standard architecture that handles the basic functions required to start using NFTs. You can facilitate your NFT operations on the Ethereum blockchain with AWS serverless technologies and Amazon Managed Blockchain. Then, deploy a scalable platform on which to mint and manage NFTs for a broad set of users in a custodial environment.

Architecture Diagram

Download the architecture diagram PDF 

Well-Architected Pillars

The AWS Well-Architected Framework helps you understand the pros and cons of the decisions you make when building systems in the cloud. The six pillars of the Framework allow you to learn architectural best practices for designing and operating reliable, secure, efficient, cost-effective, and sustainable systems. Using the AWS Well-Architected Tool, available at no charge in the AWS Management Console, you can review your workloads against these best practices by answering a set of questions for each pillar.

The architecture diagram above is an example of a Solution created with Well-Architected best practices in mind. To be fully Well-Architected, you should follow as many Well-Architected best practices as possible.

  • Using Managed Blockchain, the deployment of Ethereum full node(s) to connect to public testnets and the Ethereum mainnet can be completed in a matter of minutes, which contrasts to the slow deploy and sync times of self-hosted Ethereum nodes that can take 24-36 hours in some cases. Observability is built into the solution with process level metrics, logs, and dashboards. Extend these mechanisms to your needs, and create alarms in Amazon CloudWatch to inform your on-call team on any issues. Finally, the deployment of this solution can be automated with infrastructure as code frameworks such as Cloud Development Kit (CDK) or AWS CloudFormation.

    Read the Operational Excellence whitepaper 
  • The serverless backend is protected with authentication provided by an Amazon Cognito User Pool, which prevents API endpoints from being called by unauthorized users. Using AWS Identity and Access Management (AWS IAM) role(s), the backend Lambda functions have access only to the services they need when making requests to the API Gateway REST API. The most sensitive data in any blockchain solution is the private key(s) that make up a user’s wallet. The confluence of Nitro Enclaves, AWS KMS, Secrets Manager, and Systems Manager provide an isolated, secure compute environment for key derivation and signing.

    Read the Security whitepaper 
  • Various components in the architecture are deployed across multiple Availability Zones, such as the Managed Blockchain Ethereum nodes and the hosts for Nitro Enclaves. By nature, all the serverless components such as AWS Fargate and Lambda are highly available, and automatically scale to accommodate demand. To further increase reliability, consider implementing DynamoDB Global Tables and backups to replicate user balance and transaction status data across Regions. 

    Read the Reliability whitepaper 
  • By using serverless technologies, you provision only the exact resources required for your workload. Using Amazon CloudFront, both the static content for the client web application and the underlying metadata and content for the NFT can be globally served through AWS points-of-presence around the world. Right-sizing the instances that host the Nitro hypervisor for Nitro Enclaves will render the ideal performance for signing operations, which can be identified with testing with various transaction payloads and volumes. Furthermore, for optimized performance in Lambda functions, utilize Lambda Power Tuning to choose the ideal memory allocation by profiling different memory allocations and the resulting duration and cost per execution.

    Read the Performance Efficiency whitepaper 
  • By utilizing serverless technologies, you pay only for the resources you use. Using tools such as Lambda Power Tuning to identify the ideal memory allocation for your performance goals, you can identify the optimal balance of cost and performance for your Lambda function executions. In addition, using Nitro Enclaves for isolated compute during signing operations presents significant cost savings to using AWS KMS customer-managed keys (CMKs) for signing operations where your fixed cost grows in a linear fashion on a per-wallet3 basis. To further optimize cost, you can utilize the Amazon S3 Intelligent-Tiering storage class, which automatically selects the ideal cost-effective storage tier for your content depending on its access patterns, such as frequency of access.

    Read the Cost Optimization whitepaper 
  • By extensively utilizing managed services and dynamic scaling, we minimize the environmental impact of the backend services. Furthermore, as the public Ethereum blockchain mainnet and testnets shift from the Proof-of-Work to the Proof-of-Stake consensus mechanism in late 2022, it will bring a 99.5%+ reduction in energy consumption in operating the networks. 

    Read the Sustainability whitepaper 

Sample Code

Start building with this sample code. [Text]

AWS Machine Learning Blog
This post demonstrates how...
Read the full blog post 
AWS Machine Learning
This post demonstrates how...
Read the full blog post 


The sample code; software libraries; command line tools; proofs of concept; templates; or other related technology (including any of the foregoing that are provided by our personnel) is provided to you as AWS Content under the AWS Customer Agreement, or the relevant written agreement between you and AWS (whichever applies). You should not use this AWS Content in your production accounts, or on production or other critical data. You are responsible for testing, securing, and optimizing the AWS Content, such as sample code, as appropriate for production grade use based on your specific quality control practices and standards. Deploying AWS Content may incur AWS charges for creating or using AWS chargeable resources, such as running Amazon EC2 instances or using Amazon S3 storage.

References to third-party services or organizations in this Guidance do not imply an endorsement, sponsorship, or affiliation between Amazon or AWS and the third party. Guidance from AWS is a technical starting point, and you can customize your integration with third-party services when you deploy the architecture.

Was this page helpful?