
Guidance for Secure Blockchain Key Management with AWS Nitro Enclaves

Overview

This Guidance demonstrates how you can use AWS Nitro Enclaves and AWS Secrets Manager for secure blockchain transaction signing. The flexibility of AWS Nitro Enclaves allows you to create enclaves for various types of blockchain operations. The additional isolation that enclaves provide (no persistent storage, no interactive access, and no external network interface) helps reduce the attack surface of your signing application.

How it works

This section uses an architecture diagram to illustrate how the solution is deployed and used. The diagram shows the key components and their interactions, giving a step-by-step overview of the architecture's structure and functionality.

Well-Architected Pillars

The architecture diagram above is an example of a Solution created with Well-Architected best practices in mind. To be fully Well-Architected, you should follow as many Well-Architected best practices as possible.

This Guidance provides a basic blueprint to help you implement AWS Nitro Enclaves for blockchain key management. Design it into your workloads with AWS CDK, so you can customize and build the procedures needed to support your business objectives.

Read the Operational Excellence whitepaper 

Network access to the signing service is restricted to instances running in the same VPC as the AWS Nitro Enclaves. This is enforced by security groups, which act as a virtual firewall for your Amazon EC2 instances and control incoming and outgoing traffic. Note that a security group limits who can reach the service at the network layer; it does not by itself authenticate or authorize the calling workloads.

A VPC is created with two private subnets. Amazon EC2 instances running in these subnets can reach the internet only through Network Address Translation (NAT) gateways, and no inbound access to the instances from the internet is possible. Administrator access to the Amazon EC2 instances is established through AWS Systems Manager (Session Manager), so no SSH port needs to be exposed. All traffic to AWS services, such as AWS KMS, is routed through interface VPC endpoints and therefore never leaves the AWS network.

Data, particularly sensitive private key material, is encrypted using AWS KMS, and only the ciphertext is stored in Secrets Manager. Cryptographic attestation ensures that the ciphertext can be decrypted only from inside the AWS Nitro Enclave: the KMS key policy conditions the Decrypt permission on the enclave's attestation document (the PCR0 measurement of the enclave image), so the parent instance's IAM role on its own cannot recover the key, and neither can an enclave built from a different image. Because an enclave has no network interface, the KMS call leaves the enclave over a vsock connection to a proxy process on the parent instance, which forwards it to the KMS interface VPC endpoint.
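The key-policy condition that implements this attestation check, as an added example; this is not code from the Guidance or from the AWS CDK project it describes. It assumes the condition key `kms:RecipientAttestation:ImageSha384`, which AWS KMS evaluates against PCR0 of the attestation document carried in the Decrypt request's Recipient parameter; the account ID, role names and PCR0 value are constructed placeholders. `simulate_decrypt` is a deliberately simplified model of IAM evaluation (exact action names, Allow statements only, no wildcards) added to show why a Decrypt call that carries no attestation document is denied even when it comes from the permitted role.

```python
"""Build a KMS key policy that lets only a Nitro Enclave with a known image
measurement (PCR0) call Decrypt, and model how KMS evaluates it.

Added example, not code from the Guidance. ARNs and the PCR0 value are
constructed placeholders; take the real PCR0 from `nitro-cli build-enclave`.
"""
import json
import re

# Constructed placeholders (assumptions, not values from the page).
KEY_ADMIN_ARN = "arn:aws:iam::111122223333:role/KeyAdmin"
INSTANCE_ROLE_ARN = "arn:aws:iam::111122223333:role/EnclaveParentInstanceRole"
EXPECTED_PCR0 = "a" * 96  # hex SHA-384 digest (48 bytes) of the enclave image

# Condition key KMS populates from the attestation document's PCR0.
ATTESTATION_PCR0_KEY = "kms:RecipientAttestation:ImageSha384"
_SHA384_HEX = re.compile(r"^[0-9a-fA-F]{96}$")


def build_enclave_key_policy(key_admin_arn, instance_role_arn, pcr0_hex):
    """Return a KMS key policy as a dict.

    Encrypt is allowed to the parent instance role so key material can be
    sealed at provisioning time, but Decrypt is allowed only when the request
    carries an attestation document whose PCR0 equals pcr0_hex. The role on
    its own (no attestation document) cannot decrypt.
    """
    if not _SHA384_HEX.match(pcr0_hex):
        raise ValueError("PCR0 must be a 96-character hex SHA-384 digest")
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "KeyAdministration",
                "Effect": "Allow",
                "Principal": {"AWS": key_admin_arn},
                "Action": [
                    "kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*",
                    "kms:Put*", "kms:Update*", "kms:Revoke*", "kms:Disable*",
                    "kms:Get*", "kms:Delete*", "kms:ScheduleKeyDeletion",
                    "kms:CancelKeyDeletion",
                ],
                "Resource": "*",
            },
            {
                "Sid": "EncryptFromParentInstance",
                "Effect": "Allow",
                "Principal": {"AWS": instance_role_arn},
                "Action": ["kms:Encrypt", "kms:GenerateDataKey"],
                "Resource": "*",
            },
            {
                "Sid": "DecryptOnlyInsideAttestedEnclave",
                "Effect": "Allow",
                "Principal": {"AWS": instance_role_arn},
                "Action": "kms:Decrypt",
                "Resource": "*",
                "Condition": {
                    "StringEqualsIgnoreCase": {ATTESTATION_PCR0_KEY: pcr0_hex}
                },
            },
        ],
    }


def simulate_decrypt(policy, caller_arn, attestation_pcr0=None):
    """Simplified model of IAM evaluation for a kms:Decrypt call.

    attestation_pcr0 is the PCR0 that KMS would extract from the Recipient
    attestation document; None models a call with no attestation document,
    e.g. from a process on the parent instance. A StringEquals* condition
    whose request key is absent evaluates to false, so that call is denied.
    Handles exact action names and Allow statements only (no wildcards, no
    explicit Deny), which is enough to illustrate the gating.
    """
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        if stmt["Principal"].get("AWS") != caller_arn:
            continue
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        if "kms:Decrypt" not in actions:
            continue
        cond = stmt.get("Condition", {}).get("StringEqualsIgnoreCase", {})
        if ATTESTATION_PCR0_KEY in cond:
            if attestation_pcr0 is None:
                continue  # no attestation document: condition key absent -> false
            if attestation_pcr0.lower() != cond[ATTESTATION_PCR0_KEY].lower():
                continue  # different enclave image
        return "allow"
    return "deny"


if __name__ == "__main__":
    policy = build_enclave_key_policy(KEY_ADMIN_ARN, INSTANCE_ROLE_ARN, EXPECTED_PCR0)
    print(json.dumps(policy, indent=2))
    print("attested enclave:", simulate_decrypt(policy, INSTANCE_ROLE_ARN, EXPECTED_PCR0))
    print("parent instance, no attestation:", simulate_decrypt(policy, INSTANCE_ROLE_ARN))
```

Two operational caveats follow from this policy. PCR0 changes whenever the enclave image file is rebuilt, so deploying a new image means updating the key policy before the new enclave can decrypt anything. And an enclave started in debug mode reports all-zero PCRs, so the all-zero measurement must never be allowlisted.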

Read the Security whitepaper 

By default, the Auto Scaling group spans two subnets in different Availability Zones and places one Amazon EC2 instance in each. A Network Load Balancer (NLB) distributes requests between the two instances, and the Auto Scaling group replaces any failed instance so that two are active at all times.

The enclaves are stateless and all services are loosely coupled. Changes to resources and configuration are applied and deployed through AWS CDK, which minimizes human error and helps your environment adapt to change.

Read the Reliability whitepaper 

The services in this Guidance provide a secure, flexible, and cost-effective alternative to the purpose-built blockchain key management solutions currently available on AWS. It is a blueprint of what an AWS Nitro Enclaves blockchain key management solution could look like; you can adapt the critical parts (such as key management and signing) to your specific use case.

Read the Performance Efficiency whitepaper 

This Guidance avoids services and storage options with high fixed monthly costs. For long-term operation, the Amazon EC2 instances can be covered by an EC2 Instance Savings Plan. By default, the Guidance uses On-Demand Instances of type m5a.xlarge, the smallest instance type that currently supports AWS Nitro Enclaves.

By using a Network Load Balancer that distributes load between two Amazon EC2 instances running in separate Availability Zones (AZs), this Guidance scales to continually meet demand and remains available if one instance or AZ fails. Because the processes inside the AWS Nitro Enclaves are stateless, Amazon EC2 instances can be added and removed according to demand.

Read the Cost Optimization whitepaper 

The auto scaling group in this Guidance ensures a minimum number of instances are running, and new instances are both launched and terminated based on changes to demand. 

Read the Sustainability whitepaper 

Disclaimer

The sample code; software libraries; command line tools; proofs of concept; templates; or other related technology (including any of the foregoing that are provided by our personnel) is provided to you as AWS Content under the AWS Customer Agreement, or the relevant written agreement between you and AWS (whichever applies). You should not use this AWS Content in your production accounts, or on production or other critical data. You are responsible for testing, securing, and optimizing the AWS Content, such as sample code, as appropriate for production grade use based on your specific quality control practices and standards. Deploying AWS Content may incur AWS charges for creating or using AWS chargeable resources, such as running Amazon EC2 instances or using Amazon S3 storage.