Amazon Managed Blockchain FAQs

Q: What is Amazon Managed Blockchain?

A: Amazon Managed Blockchain is a fully managed service that allows you to join public networks or set up and manage scalable private networks using popular open-source frameworks. Amazon Managed Blockchain eliminates the overhead required to create the network or join a public network, and automatically scales to meet the demands of thousands of applications running millions of transactions. Once your network is up and running, Managed Blockchain makes it easy to manage and maintain your blockchain network. It manages your certificates and lets you easily invite new members to join the network.

Q: What can I do with Amazon Managed Blockchain?

A: With Amazon Managed Blockchain, you can easily join public networks or create private networks across multiple AWS accounts with the open-source frameworks, Hyperledger Fabric and Ethereum. These blockchain frameworks enable network members to securely transact and share data on a distributed and immutable ledger. Additionally, you can configure voting rules for your network so members can democratically govern it (i.e., voting on who to invite to join).

Q: How do I get started with Amazon Managed Blockchain?

A: To get started with Amazon Managed Blockchain, go to the AWS Management Console and click on Amazon Managed Blockchain. Click on "Create a network" or “Join a network”. Follow the network creation wizard to create your first network and member, and then invite other AWS accounts to join. Alternatively, follow the join network wizard to join a public network, and then provision nodes to interact with the network.

For step-by-step instructions to get started, please visit Get Started Creating a Hyperledger Fabric Network and Get Started with Ethereum in the Amazon Managed Blockchain documentation.

Q: How do you access Amazon Managed Blockchain?

A: You can access Amazon Managed Blockchain from the AWS Management Console, AWS Command Line Interface (CLI), or AWS Software Development Kit (SDK).

To interact with the Hyperledger Fabric components provisioned and managed by Amazon Managed Blockchain, such as the certificate authority, ordering service, and peer nodes, you can use the open source Hyperledger Fabric CLI and SDK. Amazon Managed Blockchain provides endpoints to access these services, and you create a VPC PrivateLink endpoint for your network to access these endpoints. Please use a compatible version of the Hyperledger Fabric CLI and SDK with the version of Hyperledger Fabric specified in your network.

To interact with Ethereum smart contracts, your client uses a WebSocket or HTTP connection to a peer node endpoint in Managed Blockchain. Your node endpoint can only be accessed by your AWS Account. The client uses standard Ethereum JSON-RPC API methods to query and submit transactions to your node, which participates on the Ethereum network.

Q: What is a blockchain network?

A: Blockchain is a technology that makes it possible to build applications where multiple parties can record transactions without the need for a trusted, central authority to ensure that transactions are verified and secure.

Blockchain enables this by establishing a peer-to-peer network (a blockchain network) where each participant in the network has access to a shared ledger where the transactions are recorded. These transactions are by design, immutable and independently verifiable.

Q: What is the difference between Amazon Managed Blockchain and Amazon Quantum Ledger Database (QLDB)?

A: QLDB is a ledger database purpose-built for customers who need to maintain a complete and verifiable history of data changes in an application that they own and manage in a centralized way. Amazon QLDB is not a blockchain technology. Instead, blockchain technologies focus enabling multiple parties to transact and share data securely in a decentralized way; without a trusted, central authority. Every member in a network has an independently verifiable copy of an immutable ledger, and members can create and endorse transactions in the network. Amazon Managed Blockchain is a fully managed blockchain service that enables multiple parties to transact and share data directly and securely without the need for a central, trusted authority.

Q: What open source blockchain frameworks does Amazon Managed Blockchain support?

A: Amazon Managed Blockchain supports the open source Hyperledger Fabric and Ethereum frameworks. 

Q: What region is the Amazon Managed Blockchain currently available in?

A: Please visit the AWS Region Table to see the regions where you can use Amazon Managed Blockchain.

Q: What is the difference between the Amazon Managed Blockchain Starter Edition and Standard Edition network types?

A: Amazon Managed Blockchain offers two different network types: Starter Edition and Standard Edition. Each type is aimed for a particular set of use cases, and has a different hourly membership rate.

The Amazon Managed Blockchain Starter Edition network is designed for test networks and small production networks. It has several different attributes than the Standard Edition: You can have a maximum of 5 members per network and 2 peer nodes per member. Available peer node types are bc.t3.small and bc.t3.medium. The ordering service provisioned in a Starter Edition network has lower transaction throughput and availability than that in a Standard Edition network.

The Amazon Managed Blockchain Standard Edition network is designed for production networks. It has several different attributes than the Starter Edition: You can have a maximum of 14 members per network and 3 peer nodes per member. The bc.t3, bc.m5, and bc.c5 instance families are available instance types for peer nodes. The ordering service provisioned in a Standard Edition network has higher transaction throughput and availability than that in a Starter Edition network.

Q: How do I invite other AWS accounts to join the blockchain network?

A: You can create a proposal to invite another AWS account to the blockchain network, and the current members in that network vote on the proposal. If the proposal becomes approved based on the voting rules of the network, then the other AWS account will receive an invitation to join the network.

Q: Does the account that creates an Amazon Managed Blockchain network own that resource?

A: An Amazon Managed Blockchain network is a decentralized resource where multiple AWS accounts have an equal ownership stake depending on the voting rules specified at the network’s creation. With the Approval Threshold Policy type, though an initial AWS account creates the network, governance can be distributed among multiple members after they join the network. If the initial member of the network leaves, that network will still be active among the remaining members.

Q: How do I delete an Amazon Managed Blockchain network?

A: An Amazon Managed Blockchain network is deleted once the last member in the network deletes their membership. If you have created a multi-member blockchain network in your AWS account, the network will be deleted once you delete all of the members. If you are in a blockchain network with memberships that you do not own, the network will only be deleted when the last member deletes their membership. If you delete your member and there are other members still in the network, that network will not be terminated. When Amazon Managed Blockchain is generally available, there will be configurable options to terminate a network if the founding member leaves.

Q: How do I create a VPC PrivateLink endpoint to access Hyperledger Fabric resources provisioned for the network?

A: Amazon Managed Blockchain provides endpoints to interact with your Hyperledger Fabric resources, specifically the Hyperledger Fabric certificate authority, ordering service, and peer nodes. To access these endpoints, you need to create a VPC PrivateLink endpoint in the VPC from which you would like to access the network. You can create a VPC PrivateLink endpoint from the VPC console, AWS CLI, or AWS SDK. When creating your endpoint, use the VPC Endpoint Service Name provided in the Amazon Managed Blockchain network details. If you have created multiple members in a single AWS account, you only need to create on VPC PrivateLink endpoint and not one for each member. Please note that you are billed separately for VPC PrivateLink endpoints you create and use. Please visit the Amazon Managed Blockchain documentation for more information on creating VPC PrivateLink endpoints for your network.

Q: How do I use the open source Hyperledger Fabric CLI or SDK on a client node to interact with my Amazon Managed Blockchain resources?

A: To interact with the Hyperledger Fabric certificate authority (CA), peer nodes, and ordering service created for your network, you can use the open source Hyperledger Fabric CLI or SDK and configure them with the respective endpoint information provided. Amazon Managed Blockchain exposes the endpoints for these components using a VPC PrivateLink endpoint that you create in your VPC. The Amazon EC2 instance or other resource running the Hyperledger Fabric CLI or SDK must have a route to reach this VPC PrivateLink endpoint. For instructions on how to configure these clients, please visit the Amazon Managed Blockchain documentation.

Q: What are the components of Hyperledger Fabric?

A: An Amazon Managed Blockchain for Hyperledger Fabric creates and manages the required components on your behalf that are needed to run a network. A Hyperledger Fabric network includes the ordering service, certificate authority, and peer components. 

To interact with these components, you use an open source Hyperledger Fabric CLI or SDK from a client host that you create and manage. For more information about Hyperledger Fabric, please visit the Amazon Managed Blockchain documentation.

Q: How do I create a channel in my Hyperledger Fabric network?

A: Hyperledger Fabric channel is a private “subnet” of communication between two or more specific network members, for the purpose of conducting private and confidential transactions. Each transaction on the blockchain network is executed on a channel, where each party must be authenticated and authorized to transact on that channel.

To create a new channel in your Amazon Managed Blockchain network, you use the open source Hyperledger Fabric CLI or SDK with the endpoints exposed on your Hyperledger Fabric resources. You call configuration system chaincode, which creates a genesis block for the channel ledger, which stores configuration information about the channel policies, members, and anchor peer nodes for the channel. Please visit the Amazon Managed Blockchain documentation to learn more about creating a Hyperledger Fabric channel.

Q: How do I deploy chaincode applications to Hyperledger Fabric network?

A: Chaincode is a program that typically handles business logic agreed to by members of the network and is sometimes called a “smart contract.” To install and instantiate chaincode on the blockchain network, you use the open source Hyperledger Fabric CLI or SDK with the endpoints exposed on your Hyperledger Fabric resources. Additionally, only admin users in your membership can do these operations. To learn more about using chaincode with Hyperledger Fabric, please visit the Amazon Managed Blockchain documentation.

Q: How do I control access to my Amazon Managed Blockchain resources?

A: Hyperledger Fabric on Managed Blockchain uses certificates to identify users in each membership and determine their permissions on the network. You can create and manage these users using the Hyperledger Fabric certificate authority. Ethereum nodes on Managed Blockchain use Signature Version 4 to authenticate JSON-RPC calls to the node.

Q: How do I access the endpoints on the Hyperledger Fabric components managed by Amazon Managed Blockchain?

A: To access the endpoints on the Hyperledger Fabric components managed by Amazon Managed Blockchain, such as the Hyperledger Fabric certificate authority, ordering service, and peer nodes, you need to create a VPC PrivateLink endpoint in the VPC from which you would like to access the network. You can create a VPC PrivateLink endpoint from the VPC console, Amazon Managed Blockchain console, AWS CLI, or AWS SDK. When creating your endpoint, use the VPC Endpoint Service Name provided in the Amazon Managed Blockchain network details. If you have created multiple members in a single AWS account, you only need to create on VPC PrivateLink endpoint and not one for each member. Your client will also be able to interact with peer nodes from other members in the network to receive endorsements for proposed transactions.

Please note that you are billed separately for VPC PrivateLink endpoints you create and use. Please visit the Amazon Managed Blockchain documentation for more information on creating VPC PrivateLink endpoints for your network.

Q: Can I create multiple peer nodes to increase the availability of my blockchain components?

A: In the Standard Edition, you can create up to 3 blockchain peer nodes in each membership across Amazon EC2 availability zones for high availability. In the Starter Edition, you can create 2 peer nodes per membership. For Ethereum on Amazon Managed Blockchain, you can create up to 50 nodes per AWS account across Amazon EC2 availability zones.

Q: What permissions does the admin user configure when creating my network member?

A: The admin user you configure when creating your network member serves as the initial user in your Hyperledger Fabric membership. You can use the username and password to enroll this user with your Hyperledger Fabric certificate authority and create additional users in your membership. The admin user can also create channels on the network, and install and instantiate chaincode applications.

Q: Is there any maintenance downtime for my blockchain components?

A: There's no downtime for Ethereum nodes. Hyperledger Fabric peer nodes will have less than a minute downtime when we apply security patches, typically on a monthly basis or as needed. You will receive notification of upcoming maintenance in your Personal Health Dashboard. You can create multiple peers to mitigate this downtime, as only one peer per member will be patched at a time. Having multiple peers is recommended for high availability in general.

Q: How is Amazon Managed Blockchain priced?

A: There is no up-front commitment with Amazon Managed Blockchain. For Hyperledger Fabric on Amazon Managed Blockchain, you simply pay an hourly charge (billed per second) for your network membership, peer nodes, and peer node storage, and you pay for data you write to the network. Amazon Managed Blockchain offers two editions, the Standard Edition and the Starter Edition, and each edition has a different membership hourly rate. Additionally, you pay standard data transfer rates. To interact with your Amazon Managed Blockchain resources, you will need a VPC PrivateLink endpiont that is billed separately. Amazon Managed Blockchain for Ethereum allows you to create nodes and join them to Ethereum public networks. You are charged for the node, node storage, and the number of Ethereum requests you make.

Please visit the Amazon Managed Blockchain pricing page for more information.

Q: Is there a different price for the Amazon Managed Blockchain Starter Edition and Standard Edition?

A: Yes, there is a different hourly membership rate for the Amazon Managed Blockchain Starter Edition and Standard Edition. Each edition is designed for a particular set of use cases. Please visit the Amazon Managed Blockchain pricing page for more information.