What is AWS Managed Blockchain? The test show is here!

Victor Martins
Apr 22, 2021

If you are looking for this article in Portuguese, you can find it here.

In 2019 Amazon Web Services launched the AWS Managed Blockchain platform. It is still under development, and AWS is continuously improving and evolving it, but the market is still skeptical about the solution: it is a brand new concept and too disruptive, which means there is still a lot to be found out about fully managed blockchain applications.

Amazon's idea was to reduce the distance between blockchain technology and your real-world applications, bringing a new and easier way to build, install and configure a decentralized platform such as Hyperledger Fabric or Ethereum.

AWS Managed Blockchain design and operation.

AWS Managed Blockchain can also be configured, installed and built through the CLI or CloudFormation, allowing automation and replication of the project.

In short, AWS Managed Blockchain is a peer-to-peer network between the network members. In this article I will break the service down and give a brief overview of it, using an example that I built on my own personal account.

In this article I will not explain how to run, build or configure a network. If you want that, you can go to the AWS documentation, which I followed to build the example's network.

— The structure

AWS Managed Blockchain is made of a few components:

  1. An orderer service, responsible for the proposal queue and the consensus mechanism between the members and their peer nodes.
  2. The VPC, which encapsulates both the peer nodes and the Certificate Authorities; we will detail them further on.
  3. Hyperledger Fabric networks have a feature called “Channels”. These channels allow two members of the network to communicate privately, without the changes being published to the others.
  4. There are also the members of the network, each one with these characteristics:
  • Members must be invited and approved by a threshold of the members that are already in the network.
  • Any AWS account or IAM user can be invited to the network.

Each network member has a VPC inside the Blockchain network, and it has:

  • Certificate Authority, responsible for allowing or denying any remote connection made by a Hyperledger client; it uses the TLS protocol for security.
  • Peer nodes, which run the chaincodes (also known as smart contracts), store a local copy of the ledger and validate all new blocks sent by the Hyperledger clients connected to them; if a new block is good, it is sent to the orderer service.

In the diagram above, we have a Managed Blockchain network encapsulating the four members’ VPCs.

  1. Filmmaker Consortium
  2. OTT Vendor 1
  3. OTT Vendor 2
  4. Banking Industry

There is a channel between the Filmmaker Consortium and the Banking Industry. In this example, the channel completely isolates all banking and personal information shared between them, so no member outside the channel can access their shared information.

Each network member’s VPC has an endpoint, an entry point for Hyperledger clients to connect in order to execute queries and send new blocks. The VPC is secured by the AWS Security Group associated with it, so each network member is responsible for the security of its own VPC.

— Peer Nodes

Peer nodes are the main concept of AWS Managed Blockchain: they validate new blocks sent by the Hyperledger client and, if a block is valid, send it to the orderer service to be voted on under the consensus mechanism.

AWS Managed Blockchain allows many Hyperledger clients to connect to a single peer node, and it also allows a single client to connect to multiple peer nodes. Peer nodes can therefore be used on demand, and a member can have multiple nodes attached.

Peer nodes hold the business logic, so each member can handle the data of the blockchain independently, without a centralized authority.

Peer nodes on AWS Managed Blockchain and Hyperledger clients have native support for Hyperledger Fabric Shim, a low-level library that interfaces the chaincode with NodeJS, allowing easy development of features and APIs.

— Proof of Concept

The project scenario is DRM royalty distribution: fully automated, immutable, trustworthy and plug’n’play. Royalties should be distributed each time an “OTT Vendor” plays media provided by the “Filmmaker Consortium”; once that happens, the owner of the asset receives a coin on “Banking Industry”.

We need to remember that blockchains are append-only: data cannot be edited or deleted, so our schema for this concept was as simple as possible.

1. Final project architecture:
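The append-only rule applied to the royalty scenario, as an added example that is not the author's chaincode: the handler logic a NodeJS chaincode could run for each play. The key layout, the member names and `MemoryStub` are assumptions made for illustration; only `getState`/`putState` follow the stub interface of Hyperledger Fabric Shim.

```javascript
// Added example, not the author's chaincode. getState/putState mirror the
// async methods of fabric-shim's ChaincodeStub; MemoryStub is a constructed
// stand-in for the world state so the logic runs without a peer node.
class MemoryStub {
  constructor() { this.state = new Map(); }
  async getState(key) { return this.state.get(key) || Buffer.alloc(0); }
  async putState(key, value) { this.state.set(key, Buffer.from(value)); }
}

// Hypothetical id format; it also keeps the '~' key separator out of ids.
const isId = (v) => typeof v === 'string' && /^[\w-]{1,64}$/.test(v);

async function readJson(stub, key) {
  const raw = await stub.getState(key);
  return raw.length ? JSON.parse(raw.toString('utf8')) : null;
}

// callerMember stands for the member identity the peer verified from the
// client certificate; it must never be taken from the request arguments.
async function registerAsset(stub, callerMember, [assetId, owner]) {
  if (callerMember !== 'filmmaker-consortium') throw new Error('not allowed');
  if (!isId(assetId) || !isId(owner)) throw new Error('invalid argument');
  if (await readJson(stub, `ASSET~${assetId}`)) throw new Error('asset exists');
  await stub.putState(`ASSET~${assetId}`, JSON.stringify({ owner }));
}

// Record one playback and credit one coin to the asset owner. A play id is
// written once and never overwritten, so a replayed request cannot mint twice.
async function recordPlay(stub, callerMember, [playId, assetId]) {
  if (![callerMember, playId, assetId].every(isId)) throw new Error('invalid argument');
  const asset = await readJson(stub, `ASSET~${assetId}`);
  if (!asset) throw new Error('unknown asset');
  const playKey = `PLAY~${callerMember}~${playId}`;
  if (await readJson(stub, playKey)) throw new Error('play already recorded');
  await stub.putState(playKey, JSON.stringify({ assetId, owner: asset.owner }));
  const balance = (await readJson(stub, `BAL~${asset.owner}`)) || { coins: 0 };
  balance.coins += 1;
  await stub.putState(`BAL~${asset.owner}`, JSON.stringify(balance));
  return balance.coins;
}

// Constructed scenario: two vendors play the same film, one request is replayed.
async function demo() {
  const stub = new MemoryStub();
  await registerAsset(stub, 'filmmaker-consortium', ['film-1', 'studio-a']);
  await recordPlay(stub, 'ott-vendor-1', ['play-001', 'film-1']);
  const replay = await recordPlay(stub, 'ott-vendor-1', ['play-001', 'film-1']).catch((e) => e.message);
  const coins = await recordPlay(stub, 'ott-vendor-2', ['play-001', 'film-1']);
  return { replay, coins };
}
```

In a deployed chaincode these functions would be dispatched from the chaincode's `Invoke` handler, with `callerMember` read from the caller's verified certificate (fabric-shim's `ClientIdentity`) rather than passed in.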

2. Filmmaker Consortium

The Consortium creates the AWS Managed Blockchain network and invites the others to join it. After that, they built a Hyperledger client on an EC2 instance and, using Hyperledger Fabric Shim, developed an API to serve an admin panel.

3. OTT Vendor 1

This member has a mobile app only, and their cloud had no existing structure, so they built a Hyperledger Fabric client on an EC2 instance, used the shim to develop a REST API and connected it to the app through an API Gateway. Each time a piece of content is watched, the app sends a request to the client, and the client forwards it to the peer node; the peer node’s response is the encrypted data for a DRM file.

4. OTT Vendor 2

They have a complex cloud and environment, and their system is built on Elastic Kubernetes Service (EKS), so they built a Lambda that is triggered every time the “Play API” is called. This Lambda is responsible for sending information through the Hyperledger client and generating the DRM file in an S3 bucket with the blockchain chaincode’s response.

5. Banking Industry

Due to my lack of knowledge of banking infrastructure, I didn’t build any application; I just set up a Hyperledger client to receive the data through the channel created.

While writing this article, I had the idea of using AWS SNS for a pub/sub system as an application for the Banking Industry, but I didn’t try it.

— Conclusion

For those who lack knowledge about blockchain, or for those who don’t know how to implement a Hyperledger Fabric network from scratch, like myself, AWS Managed Blockchain is a great tool for testing and learning. Thinking at scale, MB isn’t literally a distributed ledger; after all, every peer node is on AWS.

Blockchain is one of the top trending technologies lately, and centralizing it on AWS and using it through REST APIs sounds cool. But the market is still suspicious about Managed Blockchain because it isn’t a distributed ledger after all.

A simple view about blockchain and distributed ledger

We will discover all the AWS Managed Blockchain capabilities in time, and some of them must be incredible, but for now it’s still an ongoing product. Ethereum was just added as a network system option, which allows MB to have a native cryptocurrency.

There are some limitations and concerns about MB, as it is still available only in the us-east-1 region and the price is still high: I paid about USD 55,00 for three days of use, with no more than 100 requests and 4 members (IAM roles), using the t2.micro free tier whenever possible.

There is no free tier for AWS Managed Blockchain yet. They should offer one, so that people could test it massively and discover new uses for it.
