This Guidance helps you create an Ethereum and Bitcoin web-based wallet application without having to manage blockchain infrastructure. The wallet application will provide application users with a way to view historical transactions, current token balances, portfolio holdings, and more. By deploying this Guidance, you can reduce the undifferentiated administrative load required to implement a non-custodial wallet interface for Ethereum-compatible blockchains, complete with a portfolio tracker and transaction history features.
Please note: [Disclaimer]
Architecture Diagram
Step 1
AWS Amplify serves the client web application through the hosted user interface. An Amazon Cognito Identity Pool is used to delegate credentials for an AWS Identity and Access Management (IAM) Role that grants access to Amazon Managed Blockchain resources.
Step 2
The web application makes requests to Amazon Managed Blockchain Query for token balances and transaction history on public blockchains such as Bitcoin and Ethereum.
Step 3
The web application makes JavaScript Object Notation-Remote Procedure Call (JSON-RPC) requests to a dedicated Ethereum full node and serverless Bitcoin JSON-RPC API endpoint on Amazon Managed Blockchain Access to retrieve additional transaction metadata, broadcast transactions, and more.
Step 4
The web application makes requests for Non-Fungible Token (NFT) metadata hosted on the web and the Interplanetary File System (IPFS) using an IPFS node cluster.
Well-Architected Pillars
The AWS Well-Architected Framework helps you understand the pros and cons of the decisions you make when building systems in the cloud. The six pillars of the Framework allow you to learn architectural best practices for designing and operating reliable, secure, efficient, cost-effective, and sustainable systems. Using the AWS Well-Architected Tool, available at no charge in the AWS Management Console, you can review your workloads against these best practices by answering a set of questions for each pillar.
The architecture diagram above is an example of a Solution created with Well-Architected best practices in mind. To be fully Well-Architected, you should follow as many Well-Architected best practices as possible.
Operational Excellence
AWS Amplify Hosting hosts the static webpage for the Ethereum wallet interface, and it provides built-in continuous integration and continuous delivery (CI/CD) tools to incorporate and deploy changes to the web interface as code is committed.
Security
You can configure an Amazon Cognito Identity Pool for guest access (unauthenticated identities) to allow users of the web app to use Managed Blockchain services without creating an account. Using the Cognito Identity Pool basic (classic) authflow, the web application makes GetId and GetOpenIdToken requests to the Amazon Cognito API and receives an OAuth 2.0 token for each unauthenticated identity. The web application exchanges the OAuth 2.0 token for AWS API credentials by making an AssumeRoleWithWebIdentity API request to the AWS Security Token Service (STS) API and providing the Amazon Resource Name (ARN) of an AWS Identity and Access Management (IAM) role that grants permission to Managed Blockchain.
Note that by enabling guest access with Amazon Cognito Identity Pools, you are opening up your Amazon Managed Blockchain services to the public to create a wallet experience that does not require a user account. You could alternatively build authentication into your app using Amazon Cognito User Pools and Amazon Cognito Identity Pools, which would restrict access to registered users. The web application can use the Amplify JavaScript libraries to prompt users to create an account and sign in before obtaining AWS API credentials for Amazon Managed Blockchain.
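Because any visitor can obtain a guest token, the trust policy on the IAM role named in the AssumeRoleWithWebIdentity request is the control that decides which identity pool and which identity class may assume it. The following is an added example, not part of this Guidance's sample code: a small JavaScript check that flags a guest-role trust policy whose Cognito `aud` and `amr` conditions are missing or too broad. The function name `lintGuestTrustPolicy`, the sample policies, and the pool ID are constructed for illustration.

```javascript
// Added example: lint the trust policy of an IAM role meant for Cognito guest access.
const COGNITO = "cognito-identity.amazonaws.com";
const asList = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// lintGuestTrustPolicy is a hypothetical helper name, not an AWS API.
function lintGuestTrustPolicy(policy, expectedPoolId) {
  const findings = [];
  let matched = 0;
  asList(policy.Statement).forEach((st, i) => {
    const federated = asList(st.Principal && st.Principal.Federated);
    if (st.Effect !== "Allow" || !federated.includes(COGNITO) ||
        !asList(st.Action).includes("sts:AssumeRoleWithWebIdentity")) return;
    matched += 1;
    const cond = st.Condition || {};
    // aud must match this application's identity pool ID exactly.
    const aud = asList((cond.StringEquals || {})[`${COGNITO}:aud`]);
    if (aud.length === 0) {
      findings.push(`Statement ${i}: aud is not pinned to an identity pool`);
    } else if (aud.some((id) => id !== expectedPoolId)) {
      findings.push(`Statement ${i}: aud allows an unexpected identity pool`);
    }
    // amr must restrict the role to the identity class it was designed for.
    const amr = asList((cond["ForAnyValue:StringLike"] || {})[`${COGNITO}:amr`]);
    if (amr.length !== 1 || amr[0] !== "unauthenticated") {
      findings.push(`Statement ${i}: amr is not restricted to "unauthenticated"`);
    }
  });
  if (matched === 0) findings.push("No Cognito web-identity statement found");
  return findings;
}

// Constructed sample policies; the pool ID is a placeholder.
const POOL_ID = "us-east-1:00000000-0000-0000-0000-000000000000";
const statement = (Condition) => ({
  Effect: "Allow",
  Principal: { Federated: COGNITO },
  Action: "sts:AssumeRoleWithWebIdentity",
  ...(Condition ? { Condition } : {}),
});
const weakPolicy = { Version: "2012-10-17", Statement: [statement(null)] };
const pinnedPolicy = {
  Version: "2012-10-17",
  Statement: [statement({
    StringEquals: { [`${COGNITO}:aud`]: POOL_ID },
    "ForAnyValue:StringLike": { [`${COGNITO}:amr`]: "unauthenticated" },
  })],
};

console.log(lintGuestTrustPolicy(weakPolicy, POOL_ID));
console.log(lintGuestTrustPolicy(pinnedPolicy, POOL_ID));
```

Run it against the trust policy document exported from the deployed role; an empty result means the role can only be assumed by guest identities from the expected pool.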
Reliability
This non-custodial wallet interface relies on highly-available APIs and fully-managed blockchain node infrastructure services offered by Managed Blockchain.
Performance Efficiency
Managed Blockchain makes it easy for customers to access public blockchain networks like Ethereum and query token balances for a given user address. For a digital wallet interface, Managed Blockchain Access provides fully-managed Ethereum full nodes to broadcast transactions. Managed Blockchain Query provides APIs to query token balances and transaction history and populate the wallet interface with information about a user’s digital asset balances and transactions.
Cost Optimization
Managed Blockchain Query offers serverless query APIs for public blockchain data, serving critical data for the web wallet interface. These APIs scale with user demand and do not have any minimum resource requirements.
Sustainability
Managed Blockchain Query APIs are designed to scale with your needs, allowing you to query public blockchain data at the volume that suits your workload without managing underlying blockchain infrastructure. By maximizing the use of managed services such as Amplify Hosting and Managed Blockchain, customers are not required to provision any self-managed hardware to deploy this workload.
Implementation Resources
A detailed guide is provided for you to experiment with and use within your AWS account. Each stage of building the Guidance, including deployment, usage, and cleanup, is examined to prepare it for deployment.
The sample code is a starting point. It is industry validated, prescriptive but not definitive, and a peek under the hood to help you begin.
Disclaimer
The sample code; software libraries; command line tools; proofs of concept; templates; or other related technology (including any of the foregoing that are provided by our personnel) is provided to you as AWS Content under the AWS Customer Agreement, or the relevant written agreement between you and AWS (whichever applies). You should not use this AWS Content in your production accounts, or on production or other critical data. You are responsible for testing, securing, and optimizing the AWS Content, such as sample code, as appropriate for production grade use based on your specific quality control practices and standards. Deploying AWS Content may incur AWS charges for creating or using AWS chargeable resources, such as running Amazon EC2 instances or using Amazon S3 storage.
References to third-party services or organizations in this Guidance do not imply an endorsement, sponsorship, or affiliation between Amazon or AWS and the third party. Guidance from AWS is a technical starting point, and you can customize your integration with third-party services when you deploy the architecture.