Sounds Easy Right? Blockchain Templates? Yep, if you know AWS. If you do not know AWS then you will have some ramp up and at least a couple hours of fun learning.
I went ahead and created a course and a book around Blockchain as a Service. It’s a booming area and, I have to say, being a Cloud guy it’s a natural fit.
Why Deploy on AWS?
At the time of writing, AWS has two options to deploy blockchains: Amazon Managed Blockchain (Preview Mode), which is a fully managed platform (PaaS), and Amazon Blockchain Template, which essentially uses containers that you set up and manage (IaaS).
There is also a distributed ledger technology, still in pre-release at the time of writing, called Amazon Quantum Ledger Database (QLDB).
1. Amazon Managed Blockchain
Amazon Managed Blockchain is a fully managed service that makes it easy to create and manage scalable blockchain networks using popular open source frameworks Hyperledger Fabric and Ethereum. Amazon Managed Blockchain eliminates the overhead required to create the network, and automatically scales to meet the demands of thousands of applications running millions of transactions. Once your network is up and running, Managed Blockchain makes it easy to manage and maintain your blockchain network. It manages your certificates, lets you easily invite new members to join the network, and tracks operational metrics such as usage of compute, memory, and storage resources.
2. Amazon Blockchain Template
This option is for customers who want to manage their own blockchain network and just need an easy way to set up and get started.
Figure 1 AWS Blockchain Templates
AWS Blockchain Templates deploys the blockchain framework you choose as containers on an Amazon Elastic Container Service (ECS) cluster, or directly on an EC2 instance running Docker. The price is what you have already been paying for in AWS, essentially the use of the resources and not the yearly contract subscriptions.
Essentially, you pay only for the server and tools you use, not the blockchain service with Hyperledger and Ethereum.
The solutions AWS provides are cross-industry and could serve financial markets and commerce, supply chain, insurance, healthcare, and KYC and compliance.
High level steps to create a Hyperledger Fabric Blockchain service on AWS.
Below are the high level steps.
- Determine what blockchain you will deploy (Ethereum, Corda or Hyperledger Fabric)
- Determine what region on AWS to deploy on
- Create a VPC
- Create Key Pairs and Security Group
- Cloud Formation Stack
- Deploy template
- Install Chaincode/Smart Contracts
To be clear, these instructions, although basic, are meant for someone who has some experience with AWS. I do not cover the basic features, theory, processes, etc. of AWS. I do include brief notes to help anyone not familiar with AWS, but this course was not meant to be a tutorial for AWS.
The instructions should be fine for someone not familiar with AWS to at least deploy the template. So let’s get started.
Deploying AWS Blockchain Templates
The templates are available at the time of writing in Ethereum or Hyperledger Fabric. Another planning item you should consider is understanding the regions the templates are deployed in. The limited availability of regions certainly could be a show stopper if you’re in the EU or Asia for example due to possible latency that could be experienced.
The available regions are as follows.
- US East (N. Virginia) region (us-east-1)
- US East (Ohio) region (us-east-2)
- US West (Oregon) region (us-west-2)
Figure 2 Blockchain Templates
Figure 3 Hyperledger Fabric CloudFormation Template we will use below which is page 1
The Blockchain templates use CloudFormation. CloudFormation is AWS’s version of Infrastructure as Code. It’s an easy to use tool that Essentially, Cloud
Figure 4 Hyperledger Fabric CloudFormation Template page 2
Deploying Hyperledger on AWS
When using the Blockchain templates you’re essentially deploying a Hyperledger Template that AWS has made available to help facilitate creating a network hosted on an EC2 instance.
To accomplish this there are a few things to do to get our AWS environment ready. We need to plan beforehand and set up carefully to ensure our template deployment is successful. If we do not plan accordingly and pay attention, our blockchain will not work.
High Level Process for AWS Templates Preparation
1. Create VPC (Subnets)
2. Create Security Group which will allow traffic to the instance through ports we specify
3. Launch an EC2 Instance into the subnet and associate with an elastic IP. (Elastic IP allows traffic to access internet)
Create our VPC
1. Let’s get started by creating a VPC from the main menu.
Figure 5 AWS Management Console
2. Then we want to select VPC Wizard from the VPC dashboard.
Figure 6 Launch VPC Wizard is in the VPC Dashboard
3. In the VPC Wizard let’s enter information to create a non-default VPC. There are several options and we will select the “VPC with a Single Subnet” option.
Figure 7 shows the VPC configuration dialog
4. Let’s configure the VPC
Figure 8 shows the Configure VPC interface
Select Create VPC
5. For the purposes of this demo we will leave the settings as default with the exception of VPC Name.
Let’s Enter: VPC Name – myblockchain
Figure 9 below shows the VPC name entered.
Figure 10 Shows Myblockchain VPC created
We select Create VPC to complete the steps and see the VPC Successfully Created result.
The figure 11 below shows the VPC was created in VPC Dashboard.
6. Once we select OK, we will be brought to the VPC menu as shown above.
We now have our VPC Myblockchain created!
Create Security Group
7. The next step is to create a Security Group. A security group is a virtual firewall that controls the traffic allowed to and from the instance. We need to configure rules for outbound and inbound traffic to the instance.
The figure 12 below shows the Security Group Selection on the left pane that we need to select.
Figure Select Security Group
The figure 13 below shows the security groups.
8. We want to select “Create Security Group” at the top of the interface. After we do that, we have the Security Group dialog box below.
The figure 14 shows the Create Security Group dialog box
9. From the dialog box we would want to enter the following.
The figure 17 shows the Select Dialog Box with configuration of security group we will enter below.
Below are variables we need to enter before selecting Create.
– Security Group name – Hyperledgerblockchain
– Description – Hyperledger Fabric Deployment
– VPC ID – (name of myblockchain VPC we created)
10. The below figure shows the security group completed
Figure 18 Create Security Group
11. Let’s validate that our security group is there, as in figure 19
Figure Security Groups 19 dashboard
The security group we created is there as highlighted by arrows below in the figure 20
Figure 20 Completed Security Group
12. We completed deploying the security group, however, we now need to configure the outbound and inbound firewall rules.
Select Inbound Rules at the bottom of the interface.
The figure 21 below shows the Inbound Rule selected down bottom of the screen.
Figure 22 Edit Inbound Rules
13. After selecting inbound rules we would want to edit the rule. Select Edit
The figure 23 below shows the Add rule selection box
14. Select the Add Rule.
Figure Add Rule shows below. Add HTTP and HTTPS
15. Let’s add the firewall rule that allows HTTP and HTTPS traffic from anywhere. (This is for demo purposes, so if you’re deploying a blockchain for development or test you may want to be very specific on your CIDR range.)
Figure 25 Shows the Inbound Security group completed after Close
16. Select Close
Now let’s deploy a virtual machine to install the Hyperledger template via CloudFormation.
Deploy EC2 Instance
EC2 is AWS’s virtual machine service (IaaS).
17. Now we should deploy an EC2 instance into our new VPC. Let’s select VPC Dashboard.
The figure 26 below highlights the VPC Dashboard selection.
18. Now that we are back at the dashboard, let’s select Create EC2 Instance, which is highlighted.
The figure 27 below shows the VPC Dashboard with Create EC2 Instance circled.
Figure 27 VPC Dashboard
Now we want to launch an instance and can use a default AMI if we choose for demo purposes. (In development or production, you of course would want to be cautious on your VM configurations for performance and costing reasons)
Figure 28 Choose AMI Page
19. For demo purposes I am selecting the first AMI.
The figure below shows the configurations available.
Figure 29 Select AMI Configuration
When selecting an Amazon Machine Image, be careful not to overselect. Generally you can go with Free Tier Eligible for demos.
The figure below shows the instance details available.
Figure 30 Configure Instance Details.
20. For demo purpose I will go with what’s available for the Free tier.
We are now in the Configure Instance Details and we want to select the correct Network and Subnet.
The figure below shows the interface
Figure 31 Configure details
The figure 32 below has highlighted the Network and Subnet selected. This was created during our demo.
Network – Myblockchain. Note that there was only one subnet.
Figure 32 Network and Subnet Highlight.
21. Now we select the security group we created earlier.
The figure below has the option pointed with an arrow. Select
Figure 33 Security Group Selection
22. Next we select the security group Hyperledger Fabric
The figure below shows this security group.
Figure 34 Security Group Options
23. Now let’s select the Hyperledger Security group and then select Review and Launch
The figure shows the security group that’s been selected
Figure 35 Hyperledger Fabric Security Group Selected
24. Now we have launched it. Let’s review the launch status.
The figure shows the launch status of the EC2 instance.
Figure 36 EC2 Launch Status
25. Instance was launched so let’s validate in the EC2 Dashboard.
The figure below shows the EC2 Instance deployed.
Figure 37 EC2 Instance Deployed
26. Now we are done with the EC2 instance. Next up is to provision an Elastic IP (a static public IP). Let’s proceed to the VPC Dashboard
The figure below shows the VPC Dashboard.
Figure 38 VPC Dashboard
27. Now we need to configure an external IP. In AWS it’s called an Elastic IP.
The figure below shows the Elastic IP Interface.
Figure 39 Elastic IP Interface
28. Select Allocate
The figure below shows the allocation for the VPC Elastic IP has succeeded.
Figure 40 Allocated New Address
Now let’s select Close.
The figure below shows the IP Configuration
Figure 41 IP Configured
Key pairs are needed to provide SSH Access. Go to the EC2 Dashboard
The figure below shows the key pairs.
Figure 42 Create Key Pair
The key pairs are under the section “Key Pairs”. You can see there are three key pairs listed.
29. Select a key pair for SSH access to the EC2 instance. In this case we will create the key pair and then download the PEM.
The figure below shows the dialog box for creating a new key pair
Figure 43 Create Key Pair Dialog Box
30. The PEM file will download, and you need to save it on your desktop in a safe location. Remember, this is the key pair used to access your EC2 instance.
Figure shows the PEM File download location
Figure 44 Download PEM File
Now we have our new key file “blockchainbook”; save it to your desktop so you can access it later.
Figure 45 Blockchainbook PEM File
31. Now we need to create another security group to allow access to the EC2 instance
Go to the Security Group Section in the EC2 dashboard.
The figure below shows the Security Group Dashboard
Figure 46 Security Group Dashboard
Now select Create security group and select the VPC
Figure below references the Create Security Group
Figure 47 Create Security Group
32. Configure the security group as follows:
– Security Group Name: Blockchainbook
– Description: Blockchain security group
– VPC = myblockchain
The figure below shows the Create Security Group Interface.
Figure 48 Security Group Configuration
33. Select Create.
The results should be similar as in Figure below
Figure 49 Security Group “Blockchainbook”
34. We now need to allow traffic into the security group, so select the security group “blockchainbook” and edit the inbound rules by selecting EDIT
The figure below shows the EDIT inbound rules screen.
Figure 50 Edit Inbound Rules
35. We now need to add the following inbound rules
– SSH for access on port 22
– Custom TCP for Monitoring port 8080
As part of the config there are choices for the source. Select MyIP since it will pick up your source IP from logging into AWS automatically.
Figure below shows the edit port configuration menu
Figure 51 Edit Port Configuration
We want to now save the rule.
The figure below shows the newly created inbound rules below.
Figure 52 Completed Inbound Rules
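The two security groups built in this walkthrough can be checked programmatically once they exist. The following Python sketch is an added example, not part of the original article or any AWS tooling: it audits data in the shape returned by `aws ec2 describe-security-groups` and flags ingress rules open to the whole internet, rating as high any that cover SSH (22) or the monitoring port (8080). The group IDs, the source address and the sample data as a whole are constructed for illustration.

```python
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# Group names and ports follow the walkthrough; IDs and the /32 are made up.
SAMPLE_GROUPS = [
    {"GroupName": "Hyperledgerblockchain", "GroupId": "sg-EXAMPLE1",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
          "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
     ]},
    {"GroupName": "Blockchainbook", "GroupId": "sg-EXAMPLE2",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []},
         {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
          "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []},
     ]},
]

ADMIN_PORTS = {22, 8080}  # SSH and the monitoring port used in the walkthrough


def port_range(rule):
    """Return (low, high) for a rule; protocol -1 means every port."""
    if rule.get("IpProtocol") == "-1" or "FromPort" not in rule:
        return 0, 65535
    return rule["FromPort"], rule["ToPort"]


def audit_ingress(groups, admin_ports=ADMIN_PORTS):
    """List ingress rules whose source is the whole internet (prefix length 0)."""
    findings = []
    for group in groups:
        for rule in group.get("IpPermissions", []):
            low, high = port_range(rule)
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if ipaddress.ip_network(cidr, strict=False).prefixlen != 0:
                    continue  # scoped source, such as the "My IP" /32
                exposed = sorted(p for p in admin_ports if low <= p <= high)
                findings.append({
                    "group": group["GroupName"],
                    "ports": (low, high),
                    "source": cidr,
                    "admin_ports": exposed,
                    "severity": "high" if exposed else "review",
                })
    return findings


if __name__ == "__main__":
    for f in audit_ingress(SAMPLE_GROUPS):
        print(f"{f['severity']:6} {f['group']} {f['ports']} from {f['source']}")
```

With real data, pass the `SecurityGroups` list from the CLI's JSON output to `audit_ingress`.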
36. We now want to create some roles and policies. Select IAM and select the policy group
The figure 53 below shows the IAM dashboard.
Figure 53 Welcome to IAM Dashboard
Under the Policies we want to create a policy for S3 and CloudFormation
Figure below shows the IAM Policy menu
Figure 54 IAM Policy
We now will select Create Policy.
The figure below shows the Create Policy dialog box
Figure 55 Create policy
37. For the purposes of this book I have deployed the two policies. They reflect the permissions for S3 and ECR required. Essentially, in AWS policies are needed to allow the CloudFormation deployment to work. Note the concepts around deploying these policies are beyond the scope of the course/blog.
Figure below shows the dialog box we will select the services for the policy from.
Figure 56 Policy Create Dialog S3 and ECR
38. Create a Role back at the IAM dashboard by selecting Roles
Figure below shows the Roles Dashboard
Figure 57 IAM Dashboard
The figure below shows the Roles Dashboard. The role we will need to create will be for EC2.
Figure below shows the roles creation dialog interface
Figure 58 Roles
40. Select Create Role
The figure 59 below shows the create role dashboard. We will select EC2
Figure 59 Create Role dashboard
Highlight the EC2 service
The figure below shows the EC2 instance highlighted
Figure 60 Create EC2 Role
The figure below shows the permissions
Figure 61 Attach Permissions
Now we need to select the permissions for the policy we created earlier ECSEC2
The figure 62 shows the policy.
Figure 62 ECSEC2 Policy Permissions
42. Let’s enter the blockchain tag and then select Review
The figure below shows this tag and value entered
Figure 63 Tags for EC2 Policy
43. We now need to name the role EC2Blockchain
Figure below shows the Create Role interface
Figure 64 EC2 Blockchain Role Naming
44. Now select the new role and we need to note our ARN
The figure below highlights the Instance Profile ARN we will need to reference later.
Figure 65 Instance Profile ARN
Now that we finally created all the needed permissions, roles and networking we can now start to deploy our blockchain template.
Deploy Blockchain template for Hyperledger Fabric
45. Now go to the blockchain template page on AWS and let’s get started deploying the Hyperledger Fabric Template
The figure below shows the blockchain template page on AWS. We will be using the Hyperledger Fabric CloudFormation template.
Figure 66 AWS Blockchain Templates
46. Select Northern Virginia Hyperledger Template.
The figure below shows the CloudFormation Template that will be used.
Figure 67 CloudFormation Create Stack Template
CloudFormation uses what is called a “Stack” to deploy resources.
Let’s enter the name for the Stack: blockchainbook
Figure below shows the lower part of the stack page.
Figure 68 Create Stack Name
For the purposes of the demo, I went ahead and selected the relevant info we needed.
Figure below shows the settings that we will use for the deployment
Figure 69 Select Template Settings populated
The figure below shows the remaining setting to be selected.
Figure 70 Part2 Template Settings
47. Select Create to initiate the Stack creation.
The figure 71 below shows the stack creation process has started. The process may take a few minutes to complete
Figure 71 Stack Creation Initiated
The figure below shows the stack creation completed.
Figure 72 Stack Create Completion
What happened? Essentially, the CloudFormation template has launched and deployed our blockchain network. Let’s validate via the event logs.
48. Let’s view the Event Logs, which will be similar to figure 73
Figure 73 Event Logs
The event logs show that the blockchain deployed the networking and the EC2 instance.
49. Let’s validate the components such as the blockchain explorer. Select Outputs.
The figure below shows the outputs
Figure 74 CloudFormation
51. Select the URL for the blockchain explorer. The Explorer will validate that our network is online, our nodes are there, etc.
Let’s validate that our Hyperledger Fabric network is LIVE!
Figure 75 shows our new network deployment in the Blockchain explorer. A blockchain explorer will show you the activity on the blockchain such as nodes connected, transactions and smart contracts.
Figure 75 Hyperledger Explorer.
The figure 76 below shows the current default Peer graph for the network that was deployed. Shows the peers on the network
Figure 76 Peergraph
The explorer shows we are live. We have nodes online as well. Because it’s just installed and we have not installed Chaincode, we won’t have any further activity
52. Let’s validate that our nodes network is online.
The network explorer shows our nodes in figure below
Figure 77 Hyperledger Network Peers
53. Verify Blocks have been written
Figure shows that we have blocks written to the blockchain. The initial block “0” is the genesis block
Figure 78 Hyperledger Explorer Blocks
The figure below shows the default organizations (members) that are created.
Figure 79 Organizations Org1 and Org2
Well we deployed the template. Congratulations!
We successfully configured a blockchain template on AWS for Hyperledger Fabric. If you followed along, you saw that the process to set up networking, policies and roles for the EC2 instance takes some time. The CloudFormation template allowed us to deploy a blockchain in only a few clicks after the initial configuration was done.
Done. Now I’ll take on the Smart Contract deployment in the next article.
Joe Holbrook, The Cloud Tech Guy Jax, FL
Carry on fellow Blockchain Gurus!