Table of Contents

Part 3: Provisioning AWS Managed Blockchain (AMB) for Hyperledger Fabric (HLF)

This is the third article in a series that explores the provisioning of blockchain and Web3 technologies in traditional banking. The first piece provided insights into a business use case of how a bank can leverage blockchain-based solutions and adopt a Web3 application for a construction company. The second article focused on the technical aspect, detailing a proof of concept (PoC) to implement the use case.  

 In this article, we outline how AWS Managed Blockchain can help in the smooth running of Hyperledger Fabric (an open-source platform to build and run smart contracts), highlighting all the necessary steps in between. 

 

Overview 

AWS Managed Blockchain offers a robust and scalable solution for deploying and managing blockchain networks in the rapidly evolving landscape of blockchain technology. This document provides a comprehensive guide to provisioning AWS Managed Blockchain specifically for Hyperledger Fabric (HLF). HLF is a popular framework for developing permissioned blockchain networks, and with AWS Managed Blockchain, deployment and management become more streamlined. 

 

Prerequisites 

Before diving into the process of provisioning AWS Managed Blockchain for HLF, it's essential to ensure specific prerequisites are met. This section outlines the requirements and initial steps to set the stage for a successful deployment. 

  1. AWS Account Setup
  2. Identity and Access Management (IAM) 

    Set up IAM users and roles with the necessary permissions for creating and managing AWS Managed Blockchain resources
  3. Hyperledger Fabric knowledge 
  4. Docker knowledge 
  5. Linux or Ubuntu knowledge


Architecture Overview 

The following diagram shows the essential components of a Hyperledger Fabric blockchain running on AMB. 

AWS PIC BETTER Q
 

Source: https://docs.aws.amazon.com/managed-blockchain/latest/hyperledger-fabric-dev/network-components.html

 

Creating a Managed Blockchain Network 

Creating an HLF network on AMB involves several vital steps: configuring the network, defining its members, and setting up the necessary infrastructure. This section provides a detailed walkthrough of the steps required to create and configure a managed blockchain network on AWS. 

We will be going to create an HLF network with two members. Each member will have a peer node associated with it. 

 

Choosing the HLF version 

When creating a managed blockchain network on AWS, choosing the appropriate version of Hyperledger Fabric relevant to your use case is crucial. We have chosen the HLF version 2.2 provisioning on AMB. 

 

 

Creating a Network 

  1. Open the AMB Access Console at https://console.aws.amazon.com/managedblockchain/  
  2. Click on “Create private network” to initiate the network creation process.
  3. Select Hyperledger Fabric Framework version 2.2 (latest). 
  4. Choose the “Network edition” relevant to your use case.
  5.  Provide a unique name and description for your network. 
  6. Specify the “Voting policy,” determining conditions for accepting changes to the network.
  7.  Create the network's first member, e.g., Org1Member, with a unique name and description. 
  8. Specify a username and password for “Hyperledger Fabric certificate authority (CA) configuration” for administrator use. Remember the username and password for later use.
  9.  Review “Network options” and “Member options,” and then click on “Create network and member.” 

It takes around a minimum of 30 minutes for AMB access to create your network. Once created, the Status will become Available. 

Image 1-1

 

Creating a VPC Endpoint 

This section guides you through setting up an interface VPC for your member, allowing the Amazon EC2 instance used as an HLF Client to interact with AMB members and network resources. 

  1. Click on the network you created above to go into details. 
  2. Click on “Create VPC endpoint.”
  3.  Choose a VPC from the list. 
  4. Choose a Subnet from the list.
  5.  Choose a Security group from the list, preferably the same as your client EC2 instance.  
  6. Click on “Create.”

 image (2)

 

Inviting Another Member 

Now that you have an HLF network with a first member (Org1Member) and a VPC endpoint, you can invite additional members. 

  1. Click on the “Proposals” tab and click “Propose invitation.” 
  2. Choose a “Submit proposal as” you are an initial member created in the above steps.
  3.  Provide a “Description” for the member invitation. 
  4. Specify the AWS account ID to invite to the network, which can be the same or another relevant AWS account.
  5.  Click on “Create.” 

 After creating the invitation proposal, use the first member to approve the bid. 

  1. Click on the “Proposals” tab. 
  2. Under “Active,” choose the Proposal ID to vote on.
  3.  Under “Vote on proposal,” select the member in your account to vote as. 
  4. Choose Yes to approve the proposal.
  5.  Click on “Confirm” your vote. 


Follow the steps below to accept an invitation to create another member and join the network. 

  1.  From the navigation pane, click on “Invitations.” 
  2. Select the invitation you want to accept from the list and click “Accept invitation.” 
  3. Under “Create member and join network,” configure your network member by providing a unique name, member name, and description, e.g., Org2Member.
  4.  Under “HLF certificate authority (CA) configuration,” specify a username and password for administrator use. Remember the username and password for later use. 
  5. Click on “Create member and join network.”

image (3)

 Like the screenshot above, you will see two members, Org1Member and Org2Member, under the “Members” tab. 

 

Creating a Peer Node 

To create a peer node for both members, follow the same procedures: 

  1. Click on the “Members” tab. 
  2. Select a Member from the list, then choose “Create peer node.”
  3.  Under peer node configuration, choose a “Blockchain instance type” relevant to your use case. 
  4. Choose a “State DB configuration” as CouchDB.
  5.  Choose an “Availability Zone” as your region. 
  6. Enable all the logging configurations.
  7.  Click on “Create peer node.” 

 

Creating an Amazon EC2 Instance 

To complete this step, launch an Amazon EC2 instance using the Amazon Linux AMI, considering the following requirements and recommendations. 

  1. We recommend launching the client Amazon EC2 instance in the same region as the AMB network you created above. 
  2. We recommend launching the client Amazon EC2 instance in the same VPC and using the same security group as the VPC endpoint you created above.
  3.  We recommend that the VPC endpoint share the EC2 security group, and the client Amazon EC2 instance has rules that allow all inbound and outbound traffic between members of the security group. 
  4. Ensure that this security group associated with the client Amazon EC2 instance has a rule allowing inbound SSH connections from a source that includes your SSH client’s IP address.
  5.  If your machine SSH client’s IP address is dynamic, specify the source as 0.0.0.0/0 to allow any SSH client’s IP address. 
  6. Ensure that the client Amazon EC2 instance is configured with an automatically assigned public IP address and that you can connect to it using SSH.
  7.  Ensure that the service role associated with the EC2 instance allows access to the Amazon S3 bucket where AMB Access certificates are stored. 

image (4)

Follow the detailed references below to launch an Amazon EC2 instance and add the necessary rules and permissions.

https://docs.aws.amazon.com/managed-blockchain/latest/hyperledger-fabric-dev/managed-blockchain-security-sgs.html 

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EC2_GetStarted.html  

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/connect-to-linux-instance.html  

https://docs.aws.amazon.com/managed-blockchain/latest/hyperledger-fabric-dev/security_iam_hyperledger_ec2_client.html 

 

 

Set Up the Hyperledger Fabric Client 

Once you’ve created an Amazon EC2 instance using the Amazon Linux AMI, install the following packages to support blockchain network connection. 

  1. Docker version 20.10.23 
  2. Docker compose version 1.20.0
  3.  Go version 1.14.4 
  4. Fabric samples version 2.2.3
  5.  Fabric client version 1.4.7 
  6. Git version 2.40.1

 Follow the procedures in the reference document below for installing the packages and setting up the HLF client. 

 https://docs.aws.amazon.com/managed-blockchain/latest/hyperledger-fabric-dev/get-started-create-client.html

Go to this link and follow the steps from 4.1 to 4.4.  

For step 4.4: The sample “docker-compose.yaml” file contains one member and peer endpoint. For two members, add one more like the “cli” structure under “services.” Then, name it as something else and configure it with another member ID and peer endpoint. 

 

 

Enroll an Administrative User 

Follow the steps in the reference document below to enroll administrative users in the HLF client. 

https://docs.aws.amazon.com/managed-blockchain/latest/hyperledger-fabric-dev/get-started-enroll-admin.html  

Do the same steps for both the members in the network. Copy the MSP certificates of both members into the two different folders. 

 

 

Creating a Channel and Installing Chaincode 

Follow the steps in the reference document below to create a multi-member channel and install Chaincode. Perform installing Chaincode for both Org1 and Org2 member peers. 

https://docs.aws.amazon.com/managed-blockchain/latest/hyperledger-fabric-dev/get-started-joint-channel.html#get-started-joint-channel-channel-configtx 

Before diving into the procedures, perform these steps from the reference document below. 

  1. Set “Orderer” environment variables. 

    https://docs.aws.amazon.com/managed-blockchain/latest/hyperledger-fabric-dev/get-started-create-channel.html#get-started-create-channel-environment-variables
  2. Install Go vendor dependencies.
    https://docs.aws.amazon.com/managed-blockchain/latest/hyperledger-fabric-dev/get-started-chaincode.html#get-started-chaincode-install-vendor-dependencies
  3. Create the Chaincode package.
    https://docs.aws.amazon.com/managed-blockchain/latest/hyperledger-fabric-dev/get-started-chaincode.html#get-started-chaincode-create-package 

 

 

Security and Logging 

For additional security, follow the reference document below to add more security features such as Data protection, Authentication, and Access control. 

https://docs.aws.amazon.com/managed-blockchain/latest/hyperledger-fabric-dev/managed-blockchain-security.html  

Follow the reference document below for monitoring Certificate Authority (CA) and Chaincode logs. 

https://docs.aws.amazon.com/managed-blockchain/latest/hyperledger-fabric-dev/monitoring-cloudwatch-logs.html  

That’s all; we are done with provisioning Amazon Managed Blockchain for HLF! 

To conclude, the creation, implementation, and management of blockchain networks in HLF gets streamlined with AWS Managed Blockchain. This means banks and financial institutions can focus on building and deploying blockchain-based solutions while AMB takes care of administrative tasks, network setup, and managing decentralized applications.  

Learn More about Encora

We are the software development company fiercely committed and uniquely equipped to enable companies to do what they can’t do now.

Learn More

Global Delivery

READ MORE

Careers

READ MORE

Industries

READ MORE

Related Insights

Enabling Transformation in Hospitality through Technology-Led Innovation

As the exclusive sponsor of the 2024 Hotel Visionary Awards, we support organizations leading ...

Read More

Key Insights from HLTH 2024: The Future of Patient-Centered Healthcare

Discover key insights from HLTH 2024 on digital health, AI in diagnostics, data interoperability, ...

Read More

Data-Driven Engineering: Transforming Operations and Products from Insight to Impact

Discover how data-driven engineering transforms operations and product development, enhancing team ...

Read More
Previous Previous
Next

Accelerate Your Path
to Market Leadership 

Encora logo

Santa Clara, CA

+1 669-236-2674

letstalk@encora.com

Innovation Acceleration

Speak With an Expert

Encora logo

Santa Clara, CA

+1 (480) 991 3635

letstalk@encora.com

Innovation Acceleration