Guidance for a Non-Custodial Ethereum and Bitcoin Wallet Interface on AWS
Overview
How it works
These technical details feature an architecture diagram to illustrate how to effectively use this solution. The architecture diagram shows the key components and their interactions, providing an overview of the architecture's structure and functionality step-by-step.
Well-Architected Pillars
The architecture diagram above is an example of a Solution created with Well-Architected best practices in mind. To be fully Well-Architected, you should follow as many Well-Architected best practices as possible.
Operational Excellence
AWS Amplify Hosting hosts the static webpage for the Ethereum wallet interface, and it provides built-in continuous integration and continuous delivery (CI/CD) tools to incorporate and deploy changes to the web interface as code is committed.
Security
You can configure an Amazon Cognito Identity Pool for guest access (unauthenticated identities) to allow users of the web app to use Managed Blockchain services without creating an account. Using the Cognito Identity Pool basic (classic) authflow, the web application makes GetId and GetOpenIdToken requests to the Amazon Cognito API and receives an OAuth 2.0 token for each unauthenticated identity. The web application exchanges the OAuth 2.0 token for AWS API credentials by making an AssumeRoleWithWebIdentity API request to the AWS Security Token Service (STS) API and providing the Amazon Resource Name (ARN) of an AWS Identity and Access Management (IAM) role that grants permission to Managed Blockchain.
Note that by enabling guest access with Amazon Cognito Identity Pools, you are opening up your Amazon Managed Blockchain services to the public to create a wallet experience that does not require a user account. You could alternatively build authentication into your app using Amazon Cognito User Pools and Amazon Cognito Identity Pools, which would restrict access to registered users. The web application can use the Amplify JavaScript libraries to prompt users to create an account and sign in before obtaining AWS API credentials for Amazon Managed Blockchain.
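In the basic (classic) authflow the web application itself names the IAM role in the AssumeRoleWithWebIdentity request, so with guest access the role's trust policy and permission policy are what bound public use of Managed Blockchain. The check below is an added example, not part of the original guidance or AWS's own code; the pool ID, the `auditGuestRole` helper and both sample policy pairs are constructed for illustration.

```javascript
// Constructed sample values: the pool ID and both policy pairs are illustrative.
const POOL_ID = "us-east-1:00000000-0000-0000-0000-000000000000";
const AUD = "cognito-identity.amazonaws.com:aud";
const AMR = "cognito-identity.amazonaws.com:amr";
const asArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Collect the values of one condition key from every operator accepted by opOk.
function conditionValues(stmt, opOk, key) {
  return Object.entries(stmt.Condition || {})
    .filter(([op]) => opOk(op))
    .flatMap(([, block]) => Object.entries(block))
    .filter(([k]) => k.toLowerCase() === key)
    .flatMap(([, v]) => asArray(v));
}

// Returns a list of findings; an empty list means every check passed.
function auditGuestRole(trust, permissions, poolId) {
  const findings = [];
  const allows = (p) => asArray(p.Statement).filter((s) => s.Effect === "Allow");
  for (const s of allows(trust)) {
    if (!asArray(s.Action).includes("sts:AssumeRoleWithWebIdentity")) continue;
    // The token's aud claim must be pinned to this one identity pool.
    const aud = conditionValues(s, (op) => op === "StringEquals", AUD);
    if (aud.length !== 1 || aud[0] !== poolId) findings.push("trust: aud not pinned to the identity pool");
    // The guest role should only be assumable by unauthenticated identities.
    const amr = conditionValues(s, (op) => op.startsWith("ForAnyValue:String"), AMR);
    if (!amr.includes("unauthenticated")) findings.push("trust: amr not limited to unauthenticated");
  }
  for (const s of allows(permissions)) {
    for (const a of asArray(s.Action)) {
      if (a.includes("*")) findings.push(`permissions: wildcard action ${a}`);
    }
  }
  return findings;
}

const principal = { Federated: "cognito-identity.amazonaws.com" };
const weak = {
  trust: { Statement: [{ Effect: "Allow", Principal: principal, Action: "sts:AssumeRoleWithWebIdentity" }] },
  permissions: { Statement: [{ Effect: "Allow", Action: "managedblockchain-query:*", Resource: "*" }] },
};
const hardened = {
  trust: { Statement: [{ Effect: "Allow", Principal: principal, Action: "sts:AssumeRoleWithWebIdentity",
    Condition: { StringEquals: { [AUD]: POOL_ID }, "ForAnyValue:StringLike": { [AMR]: "unauthenticated" } } }] },
  permissions: { Statement: [{ Effect: "Allow", Resource: "*",
    Action: ["managedblockchain-query:GetTokenBalance", "managedblockchain-query:ListTransactions"] }] },
};
console.log(auditGuestRole(weak.trust, weak.permissions, POOL_ID));
console.log(auditGuestRole(hardened.trust, hardened.permissions, POOL_ID));
```

Run the same function over the policies exported from your own guest role before enabling unauthenticated identities on the pool.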
Reliability
This non-custodial wallet interface relies on highly-available APIs and fully-managed blockchain node infrastructure services offered by Managed Blockchain.
Performance Efficiency
Managed Blockchain makes it easy for customers to access public blockchain networks like Ethereum and query token balances for a given user address. For a digital wallet interface, Managed Blockchain Access provides fully-managed Ethereum full nodes to broadcast transactions. Managed Blockchain Query provides APIs to query token balances and transaction history and populate the wallet interface with information about a user’s digital asset balances and transactions.
Cost Optimization
Managed Blockchain Query offers serverless query APIs for public blockchain data, serving critical data for the web wallet interface. These APIs scale with user demand and do not have any minimum resource requirements.
Sustainability
Managed Blockchain Query APIs are designed to scale with your needs, allowing you to query public blockchain data at the volume that suits your workload without managing underlying blockchain infrastructure. By maximizing the use of managed services such as Amplify Hosting and Managed Blockchain, customers are not required to provision any self-managed hardware to deploy this workload.