Sounds Easy Right? Blockchain Templates? Yep, if you know AWS. If you do not know AWS then you will have some ramp up and at least a couple hours of fun learning.

I went ahead and created a course and a book around Blockchain as a Service. Its a booming area and I have to say being a Cloud guy its a natural fit.

Why Deploy on AWS?

AWS currently has at the time of writing two options to deploy blockchains. Amazon Managed Blockchain (Preview Mode)which is a fully managed platform (PaaS) and Amazon Blockchain Template which is essentially using containers that your setup and manage (IaaS).

There is also at the time of writing a distributed ledger technology that is still in pre release mode at the time of writing called Amazon Quantum Ledger Database (QLDB)

1. Amazon Managed Blockchain

Amazon Managed Blockchain is a fully managed service that makes it easy to create and manage scalable blockchain networks using popular open source frameworks Hyperledger Fabric and Ethereum. Amazon Managed Blockchain eliminates the overhead required to create the network, and automatically scales to meet the demands of thousands of applications running millions of transactions. Once your network is up and running,

Managed Blockchain makes it easy to manage and maintain your blockchain network. It manages your certificates, lets you easily invite new members to join the network, and tracks operational metrics such as usage of compute, memory, and storage resources

2. Amazon Blockchain Template

This option is for customers who are looking to manage their own blockchain network and just need an easy way to set up and get started, AWS Blockchain templates are the right fit.

Figure 1 AWS Blockchain Templates

AWS Blockchain Templates deploys the blockchain framework you choose as containers on an Amazon Elastic Container Service (ECS) cluster, or directly on an EC2 instance running Docker. The price is what you have already been paying for in AWS, essentially the use of the resources and not the yearly contract subscriptions.

Essentially, you pay only for the server and tools you use, not the blockchain service with Hyperledger and Ethereum.

The AWS solutions they provide are cross industry that could serve financial market and commerce, supply chain, insurance, healthcare, and KYC and Compliance.

High level steps to create a Hyperledger Fabric Blockchain service on AWS.

Below are the high level steps.

  • Determine what blockchain you will deploy (Ethereum, Corda or Hyperledger Fabric)
  • Determine what region on AWS to deploy on
  • Create a VPC
  • Create Key Pairs and Security Group
  • Cloud Formation Stack
  • Deploy template
  • Install Chaincode/Smart Contracts

Just to confirm these instructions although basic are meant for someone who has some experience with AWS. I do not cover the basics features, theory, processes, etc of AWS. I do mention brief notes to help anyone not familiar with AWS but this course was not meant to be a tutorial for AWS.

The instructions should be fine for someone not familiar with AWS to at least deploy the template. So lets get started.

Deploying AWS Blockchain Templates

The templates are available at the time of writing in Ethereum or Hyperledger Fabric. Another planning item you should consider is understanding the regions the templates are deployed in. The limited availability of regions certainly could be a show stopper if you’re in the EU or Asia for example due to possible latency that could be experienced.

The available regions are as follows.

  • US East (N. Virginia) region (us-east-1)
  • US East (Ohio) region (us-east-2)
  • US West (Oregon) region (us-west-2)

Figure 2 Blockchain Templates

Figure 2 Blockchain Templates

Figure 3 Hyperledger Fabric CloudFormation Template we will use below which is page 1

Figure 3 CloudFormation Page 1

The Blockchain templates use CloudFormation. CloudFormation is AWS’s version of Infrastructure as Code. It’s an easy to use tool that Essentially, Cloud

Figure 4 Hyperledger Fabric CloudFormation Template page 2

Figure 4 CloudFormation Template Page 2

Deploying Hyperledger on AWS

When using the Blockchain templates you’re essentially deploying a Hyperledger Template that AWS has made available to help facilitate creating a network hosted on an EC2 instance.

To accomplish this there are a few things to get our AWS Environment ready. We need to plan before hand and setup to ensure our template deployment is successful. If we do not plan accordingly and pay attention our blockchain will not work.

High Level Process for AWS Templates Preparation

1. Create VPC (Subnets)

2. Create Security Group which will allow traffic to the instance through ports we specify

3. Launch an EC2 Instance into the subnet and associate with an elastic IP. (Elastic IP allows traffic to access internet)

Create our VPC

1. Lets get started by creating a VPC from the main menu.

Figure 5 AWS Management Console

Figure 5 AWS Management Dashboard

2. Then we want to select VPC Wizard from the VPC dashboard.

Figure 6 Launch VPC Wizard is in the VPC Dashboard

Figure 6 VPC Dashboard

3. In the VPC Wizard lets enter information to create a non-default VPC. There are several options and we will select the “VPC with a Single Subnet” option.

The figure 7 shows the VPC configuration dialog

Figure 7 Create VPC

4. Lets configure the VPC

The figure 8 shows the Configure VPC interface

Figure 8 Default VPC Config

Select Create VPC

5. For the purposes for this demo we will leave the settings as default with the exception of VPC Name.

Let’s Enter: VPC Name – myblockchain

Figure 9 below shows the VPC name entered.

Figure 9 VPC Configuration

Figure 10 Shows Myblockchain VPC created

Figure 10 VPC Successfully Created

We would to select Create VPC to complete the steps to see the VPC Successfully Created result shows

The figure 11 below shows the VPC was created in VPC Dashboard.

figure 11 VPC Dashboard

6. Once we select OK, we will be brought to the VPC menu as shown above.

We now have our VPC Myblockchain created!

Check out my live training on Pearson Safari for Hyperledger Fabric

Understanding Hyperledger Fabric Blockchain
This training is focused on preparing IT professionals in Hyperledger Fabric 1.1 foundations and providing uses cases…

Create Security Group

7. The next step is to create a Security Group. A security group is a virtual firewall to help facilitate proper traffic. We would need to configure rules for outbound and inbound traffic to the instance.

The figure 12 below shows the Security Group Selection on the left pane that we need to select.

Figure 12 Security Group Sidebar

Figure Select Security Group

The figure 13 below shows the security groups.

Figure 13 Security Groups

8. We would want to select “Create Security Group” on top part of the interface. After we do that, we have the Security Group dialog box below

The figure 14 shows the Create Security Group dialog box

Figure 14 Security Groups Dialog Box

9. From the dialog box we would want to enter the following.

The figure 17 shows the Select Dialog Box with configuration of security group we will enter below.

Figure 17 Create Security Group

Below are variables we need to enter before selecting Create.

– Security Group name – Hyperledgerblockchain

– Description – Hyperledger Fabric Deployment

– VPC ID – (name of myblockchain VPC we created)

10. The below figure shows the security group completed

Figure 18 Create Security Group

Figure 18 Security Group Creation

11. Lets validate our security group is there in the figure 19

Figure Security Groups 19 dashboard

Figure 19 Security Groups Dashboard

The security group we created is there as highlighted by arrows below in the figure 20

Figure 20 Completed Security Group

Figure 20 Security Groups

12. We completed deploying the security group, however, we now need to configure the outbound and inbound firewall rules.

Select Inbound rules for bottom of menu interface

The figure 21 below shows the Inbound Rule selected down bottom of the screen.

Figure Inbound Rules Security

Figure 22 Edit Inbound Rules

Figure 22 Edit Inbound Rules

13. After selecting inbound rules we would want to edit the rule. Select Edit

The figure 23 below shows the Add rule selection box

Figure 23 Add Rule in Edit inbound Rules

14. Select the Add Rule.

Figure Add Rule shows below. Add HTTP and HTTPS

Figure 24 Add Rule HTTP and HTTPS

15. Lets add the firewall rule that allows HTTP and HTTPS traffic from anywhere. (This if for demo purposes so if your deploying a blockchain for development or test you may want to be very specific on your CIDR range.)

Figure 25 Shows the Inbound Security group completed after Close

Figure 25 Completed Edit

16. Select Close

Now lets deploy a Virtual machine to install the Hyperledger template via Cloudformation.IBM Blockchain Platform as a Service
Get to know Blockchain as a Service The IBM Blockchain Platform is a cloud-based platform which provides tools for you…

Deploy EC2 Instance

EC2 is AWS’s virtual machines. IaaS.

17. Now we should deploy and EC2 Instance into our new VPC. Let’s select VPC Dashboard.

The figure 26 below highlights the VPC Dashboard selection.

Figure 26 VPC Dashboard

18. Now that we are back at the dashboard. Let’s select Create EC2 Instance which is highlighted.

The figure 27 below shows the VPC Dashboard with Create EC2 Instance circled.

Figure 27 VPC Dashboard

Figure 27 VPC Dashboard

Now we want to launch an instance and can use a default AMI if we choose for demo purposes. (In development or production, you of course would want to be cautious on your VM configurations for performance and costing reasons)

Figure 28 Choose AMI Page

Figure 28 Choose AMI Page

19. For demo purposes I am selecting the first AMI.

The figure below shows the configurations available.

Figure 29 Select AMI Configuration

When Selecting an Amazon Machine Image be cautious you dont overselect. Generally you can go with Free Tier Eligible for demos.

The figure below shows the instance details available.

Figure 30 Configure Instance Details.

Figure 30 Configure Instance Details
Start Learning Today!

20. For demo purpose I will go with what’s available for the Free tier.

We are now in the Configure Instance Details and we want to select the correct Network and Subnet.

The figure below shows the interface

Figure 31 Configure details

Figure 31 Configure details

The figure 32 below has highlighted the Network and Subnet selected. This was created during our demo.

Network – Myblockchain. Note that there was only one subnet.

Figure 32 Network and Subnet Highlight.

Figure 32 Network and Subnet Highlight

21. Now we select the security group we created earlier.

The figure below has the option pointed with an arrow. Select

Figure 33 Security Group Selection

Figure 33 Security Group Selection

22. Next we select the security group Hyperledger Fabric

The figure below has this security group below.

Figure 34 Security Group Options

Figure 34 Security Group Options

23. Now let’s select the Hyperledger Security group and then select Review and Launch

The figure shows the security group that’s been selected

Figure 35 Hyperledger Fabric Security Group Selected

Figure 35 Hyperledger Fabric Security Group Selected

24. Now we have launched it. Let’s review the launch status.

The figure shows the launch status of the EC2 instance.

Figure 36 EC2 Launch Status

Figure 36 EC2 Launch Status

25. Instance was launched so let’s validate in the EC2 Dashboard.

The figure below shows the EC2 Instance deployed.

Figure 37 EC2 Instance Deployed

Figure 37 EC2 Instance Deployed

26. Now we are done with EC2 instance. Next up is to provision an Elastic IP. (Public IP – Static) Lets proceed to the VPC Dashboard

The figure below shows the VPC Dashboard.

Figure 38 VPC Dashboard

Figure 38 VPC Dashboard

27. Now we need to configure an external IP. In AWS its called an Elastic IP.

The figure below show the Elastic IP Interface.

Figure 39 Elastic IP Interface

Figure 39 Elastic IP Interface

28. Select Allocate

The figure below shows the allocation for the VPC Elastic IP has succeeded.

Figure 40 Allocated New Address

Figure 40 Allocated New Address

Now let’s select Close.

The figure below shows the IP Configuration

Figure 41 IP Configured

Figure 41 IP Configured

Key pairs are needed to provide SSH Access. Go to the EC2 Dashboard

The figure below shows the key pairs.

Figure 42 Create Key Pair

Figure 42 Create Key Pair

The key pairs are under the section “Key Pairs. You can there are three key pairs listed.

29. Select a keypair for SSH access to the EC2 Instance. In this case the key pair we will create and then download the PEM.

The figure below shows the dialog box for creating a new key pair

Figure 43 Create Key Pair Dialog Box

Figure 43 Create Key Pair Dialog Box

30 The PEM file will download, and you would need to save on your desktop in a safe location. Remember, this is the key pair to access you EC2 instance.

Figure shows the PEM File download location

Figure 44 Download PEM File

Figure 44 Download PEM File

Now we have our new Key File ‘blockchainbook” and save to your desktop so you can access later.

Figure 45 Blockchainbook PEM File

Figure 45 Blockchainbook PEM File

31. Now we need to create another security group to allow access to the EC2 instance

Go to the Security Group Section in the EC2 dashboard.

The figure below shows the Security Group Dashboard

Figure 46 Security Group Dashboard

Figure 46 Security Group Dashboard

Now select Create security group and select the VPC

Figure below references the Create Security Group

Figure 47 Create Security Group

Figure 47 Create Security Group

32. Configure the security group is being configured as

– Security Group Name: Blockchainbook

– Description: Blockchain security group

– VPC = myblockchain

The figure below show the Create Security Group Interface.

Figure 48 Security Group Configuration

Figure 48 Security Group Configuration

33. Select Create.

The results should be similar as in Figure below

Figure 49 Security Group “Blockchainbook”

Figure 49 Security Group “Blockchainbook”

34. We know need to allow traffic into the security group, so we need to edit the rules of security group so select the security group “blockchainbook” and edit the inbound rules by select EDIT

The figure below shows the EDIT inbound rules screen.

Figure 50 Edit Inbound Rules

Figure 50 Edit Inbound Rules

35. We know need to add the following to inbound rule

– SSH for access from port 22

– Custom TCP for Monitoring port 8080

As part of the config there are choices for the source. Select MyIP since it will pick up your source IP from logging into AWS automatically.

Figure below shows the edit port configuration menu

Figure 51 Edit Port Configuration

Figure 51 Edit Port Configuration

We want to now save the rule.

The figure below shows the newly created inbound rules below.

Figure 52 Completed Inbound Rules

Figure 52 Completed Inbound Rules

36. We know want to create some roles and policies. Select IAM and select the policy group

The figure 53 below shows the IAM dashboard.

Figure 53 Welcome to IAM Dashboard

Figure 53 Welcome to IAM Dashboard

Under the Policies we want to create a policy for S3 and CloudFormation

Figure below shows the IAM Policy menu

Figure 54 IAM Policy

Figure 54 IAM Policy

We now will select Create Policy.

The figure below shows the Create Policy dialog box

Figure 55 Create policy

Figure 55 Create policy

37. For the purposes of this book I have deployed the two policies. They reflect the permissions for S3 and ECR required. Essentially, in AWS policies are needed to allow the Cloud Formation deployment to work.Note the concepts around deploying these policies are beyond the scope of the course/blog.

Figure below shows the dialog box we will select the services for the policy from,

Figure 56 Policy Create Dialog S3 and ECR

Figure 56 Policy Create Dialog S3 and ECR

38. Create a Role back at the IAM dashboard by select Roles

Figure below shows the Roles Dashboard

Figure 57 IAM Dashboard

Figure 57 IAM Dashboard

The figure below shows the Roles Dashboard. The role we will need to create will be for EC2.

Figure below shows the roles creation dialog interface

Figure 58 Roles

Figure 58 Roles

40. Select Create Role

The figure 59 below shows the create role dashboard. We will select EC2

Figure 59 Create Role dashboard

Figure 59 Create Role dashboard

Highlight the EC2 service

The figure below shows the EC2 instance highlighted

Figure 60 Create EC2 Role

Figure 60 Create EC2 Role

The figure below shows the permissions

Figure 61 Attach Permissions

Figure 61 Attach Permissions

Now we need to select the permissions for the policy we created earlier ECSEC2

The figure 62 shows the policy.

Figure 62 ECSEC2 Policy Permissions

Figure 62 ECSEC2 Policy Permissions

42. Lets enter blockchain tag and then select Review

The figure below shows this tag and value entered

Figure 63 Tags for EC2 Policy

Figure 63 Tags for EC2 Policy

43. We now need to name the role EC2Blockchain

Figure below shows the Create Role interface

Figure 64 EC2 Blockchain Role Naming

Figure 64 EC2 Blockchain Role Naming

44. Now select the new role and we need to note our ARN

The figure below highlights the Instance Profile ARN we will need to reference later.

Figure 65 Instance Profile ARN

Figure 65 Instance Profile ARN

Now that we finally created all the needed permissions, roles and networking we can now start to deploy our blockchain template.

Up to 60% OFF courses & certifications, Plus a FREE T-Shirt w/ the Linux Foundation!

Deploy Blockchain template for Hyperledger Fabric

45. Now go to the blockchain template page on AWSGetting Started

and lets get started deploying the Hyperledger Fabric Template

The figure below shows the blockchain template page on AWS. We will be using the Hyperledger Fabric CloudFormation template.

Figure 66 AWS Blockchain Templates

Figure 66 AWS Blockchain Templates

46. Select Northern Virginia Hyperledger Template.

The figure below shows the CloudFormation Template that will be used.

Figure 67 CloudFormation Create Stack Template

Figure 67 CloudFormation Create Stack Template

CloudFormation uses what is called a “Stack” to deploy resources.

Let’s enter the name for the Stack: blockchainbook

Figure below shows the lower part of the stack page.

Figure 68 Create Stack Name

For the purposes of demo, I went ahead and selected the relative info we needed.

Figure below shows the settings that we will use the deployment

Figure 69 Select Template Settings populated

Figure 69 Select Template Settings populated

The figure below shows the remaining setting to be selected.

Figure 70 Part2 Template Settings

Figure 70 Part2 Template Settings

47. Select Create to initiate the Stack creation.

The figure 71 below shows the stack creation process has started. The process may take a few minutes to complete

Figure 71 Stack Creation Initiated

Figure 71 Stack Creation Initiated

The figure below shows the stack creation completed.

Figure 72 Stack Create Completion

Figure 72 Stack Create Completion

What happened. Essentially the CloudFormation template has launched and deployed our blockchain network. Let’s validate via the Event logs

48. Lets view the Event Logs which will be similar to figure 73

Figure 73 Event Logs

Figure 73 Event Logs

The event logs show that the blockchain deployed the networking and the EC2 instance.

49. Lets validate the components such as the blockchain explorer. Select Outputs.

The figure below shows the outputs

Figure 74 CloudFormation

Figure 74 CloudFormation

51. Select the URL for the blockchain explorer. The Explorer will validate that our network is online, our nodes are there, etc.

Let’s validate that our Hyperledger Fabric network is LIVE!

Figure 75 shows our new network deployment in the Blockchain explorer. A blockchain explorer will show you the activity on the blockchain such as nodes connected, transactions and smart contracts.

Figure 75 Hyperledger Explorer.

Figure 75 Hyperledger Explorer.

The figure 76 below shows the current default Peer graph for the network that was deployed. Shows the peers on the network

Figure 76 Peergraph

Figure 76 Peergraph

The explorer shows we are live. We have nodes online as well. Because its just installed and we have not installed Chaincode we won’t have any further activity

52. Lets validate our nodes network is online.

The network explorer shows our nodes in figure below

Figure 77 Hyperledger Network Peers

Figure 77 Hyperledger Network Peers

53. Verify Blocks have been written

Figure shows that we have blocks written to the blockchain. The initial block “0” is the genesis block

Figure 78 Hyperledger Explorer Blocks

Figure 78 Hyperledger Explorer Blocks

The figure below show the default organizations (members) that are created.

Figure 79 Organizations Org1 and Org2

Well we deployed the template. Congratulations!

Let’s Review.

We successfully configured a blockchain template on AWS for Hyperledger Fabric. If you followed along the process to setup networking, policies and roles takes some time for the EC2 instance. The CloudFormation template allowed us to deploy a blockchain in only a few clicks after the initial configuration was done.

Done. Now Ill take on the Smart Contract deployment in the next article.

If your thinking of taking the Certified Blockchain Solutions Architect (CBSA) Exam then join in on my CBSA Exam Cram Session on Pearson Safari.Certified Blockchain Solutions Architect (CBSA) Certification Crash Course
This training is focused on preparing IT professionals to successfully pass the Certified Blockchain Solutions…

My book on Amazon! Architecting Enterprise Blockchain Solutions from Wiley Sybex.

Check out my Youtube as well for helpful videos!

Joe Holbrook, The Cloud Tech Guy Jax, FL

Carry on fellow Blockchain Gurus!

3 thoughts on “How to Deploy Hyperledger Fabric on AWS with Blockchain Templates.

  1. Hey – Thank you for this! I followed all the steps and when I clicked on the URL – it wouldnt load and then connection timed out. Do you have any troubleshooting steps?

Leave a Reply