Build your first blockchain application with Amazon Managed Blockchain - SVC219 - New York AWS Summit
1. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Build your first blockchain application
with Amazon Managed Blockchain
Mert Hocanin
Big Data Architect
AWS
SVC219
Evren Sen
Solutions Architect
AWS
2. Workshop objectives
Create an Amazon Managed Blockchain Fabric network. Then deploy an application that interacts
with the Fabric network. You will do the following:
• Create a Managed Blockchain Fabric network (Done!)
• Create a peer node in the network
• Create a new channel, and install and instantiate the chaincode
• Query the chaincode and invoke transactions
• Deploy a RESTful API that connects to the Fabric network and exposes the
chaincode functions as REST endpoints
• Test the RESTful API using cURL
• Deploy a Node.js application that calls the RESTful API
3. Workshop layered architecture
Layers you will build in this workshop:
1. Hyperledger Fabric network & chaincode that executes on the Fabric peer node.
2. A RESTful API that uses the Hyperledger Fabric Client SDK to interact with the Fabric network
3. A user interface application that calls the API
[Diagram labels: Interact with application; Use REST resources; RESTful API; Connect via Fabric SDK]
4. Related breakouts
SVC217 - Building enterprise solutions with blockchain
technology
Shruthi Rao
6. Blockchain builds trust in a network
Eliminates the need for central authority in business networks
Three main components: distributed ledger, consensus mechanism,
and “smart contract” execution environment
7. Blockchain components: Distributed ledger database
The journal records an immutable log of all transactions
and is maintained by nodes in the blockchain network
Block 62: block hash 000044bf2efe32; previous block hash 000087ea2ffe94; timestamp; transactions
Block 61: block hash 000087ea2ffe94; previous block hash 000057ec2fda71; timestamp; transactions
Block 60: block hash 000057ec2fda71; previous block hash 0000d68b2f0a3b; timestamp; transactions
8. Blockchain components: Consensus mechanism
Some important attributes
• Complicated fault tolerance
• Transaction rate, energy consumption
• Hardware requirements
• Security
9. Blockchain components: “smart contracts”
• Rules embedded in app
• Verified execution of code
• Conditional operators
• Application writes to ledger
• Contract can interact with
components outside of the
blockchain network (off-chain)
10. Public and permissioned networks
Public networks allow anyone to participate in
the network. Members are incentivized to
maintain the network.
Permissioned networks limit
the members to known entities.
11. Customers are experimenting in many industries
Proof of ownership
Digital security trading
Documents/contracts
Enterprise platforms
Financial
Insurance
Mortgage loans
Voting mechanisms
Patient records
Corporate governance
HCLS
Real estate
Legal
Agriculture
Gaming
M&E
Transportation
Digital advertising
Power & Utilities
Retail
Capital markets
Cloud
Ownership
Private markets
Derivatives
Wagers
Global payments
Remittance
Notarization
Equity
Microfinance
Intellectual property
Title record
Escrow
Digital rights
Ecommerce
Debt
Crowdfunding
P2P lending
Healthcare
Voting
Trustees
Smart contracts
Digital currency
Securities
Record keeping
Blockchain technology
13. What is Amazon Managed Blockchain?
Amazon Managed Blockchain is a fully managed service that makes it easy to create and manage scalable blockchain networks using popular open-source frameworks: Hyperledger Fabric and Ethereum
14. Amazon Managed Blockchain
Easily create and manage scalable blockchain networks
• Fully managed: Quickly create blockchain networks that span multiple AWS accounts. Easily add or remove members and monitor the network.
• Scalable and secure: Easily scale your blockchain network as the usage grows. Also, Managed Blockchain secures your network certificates with AWS KMS.
• Choice of Hyperledger Fabric or Ethereum: Choose the right framework for your needs, whether you are building a permissioned or public network.
• Improves reliability: Managed Blockchain improves the reliability of the “ordering service,” by replacing the default technology with Amazon QLDB. This improves durability.
15. How Amazon Managed Blockchain works
• Create a network: Choose an open source blockchain framework, set up a new blockchain network and your membership in your AWS account with just a few clicks.
• Invite members: Invite other AWS accounts to join the network.
• Add nodes: Create and configure blockchain peer nodes that store a copy of the distributed ledger.
• Deploy applications: Create and deploy decentralized applications to your network through your peer nodes. Transact with other members on the network.
16. Amazon Managed Blockchain architecture
[Diagram labels: Network 1 – Managed Blockchain; Account A; Account B; two VPC endpoints]
17. Amazon Managed Blockchain architecture
[Diagram: Fabric Network managed by Amazon Managed Blockchain, containing the Hyperledger Fabric Ordering Service (Orderer) and, for each of Member A, Member B, Member C and Member D, a Fabric Certificate Authority and a Peer Node. Each member's own VPC (VPC Member A to VPC Member D) contains a Fabric Client Node and a VPC Endpoint; Amazon VPC and AWS PrivateLink are labelled between the VPCs and the network. Legend: Fabric Network, Organization, Certificate Authority, Membership Service Provider, Peer Node, Fabric CLI, Orderer]
18. Blockchain solution building blocks on AWS
Use the AWS managed blockchain service or other compute services as the foundation for your blockchain infrastructure
• Amazon API Gateway lets you create a custom REST API to power your blockchain apps
• Use AWS CloudHSM to manage blockchain participants’ secret keys
• Connect IoT devices with unique identities to a common underlying data layer
• Use Amazon S3 as your off-chain data storage for high availability
• Perform analytics and gain insights from your blockchain’s data in near-real-time
• Use off-chain database solutions to support blockchain applications and store metadata
• Send notifications or use serverless compute to respond to events programmed into blockchain smart contracts
Services shown: Amazon EC2, Amazon ECS, Amazon S3, Amazon EBS, AWS CloudHSM, Amazon Redshift, AWS Lambda, Amazon DynamoDB, Amazon Kinesis, Amazon API Gateway*, Amazon SQS, Amazon SNS, AWS IoT, Amazon Managed Blockchain, Amazon QLDB
19. Starter Edition and Standard Edition
Starter Edition
- Test and small production networks
- Up to five members/network
- Up to two peer nodes/member
- bc.t3.small and bc.t3.medium
- 1 TiB maximum/peer node
- Ordering service provisioned has lower
transaction throughput and availability than that
in a Standard Edition network
Membership pricing rate is different for each edition
Standard Edition
- Production networks
- Up to 30 members/network
- Up to 10 peer nodes/member
- bc.t3, bc.m5, and bc.c5 instance families
- 15 TiB maximum/peer node
- Ordering service provisioned has higher
transaction throughput and availability than that
in a Starter Edition network
21. Hyperledger Fabric
• Create permissioned networks with
channels to limit the transactions on the
ledger each member can see
• Chaincode (smart contracts) written in
Go, Node, and Java, and executed in
Docker containers
• Validation policy for executing chaincode
is configurable
• Does not require a native cryptocurrency
for chaincode execution
22. Transaction flow with Hyperledger Fabric
[Diagram: Submitting client, Peer-1 … Peer-n, and Ordering service. Step labels: Transaction proposal (1), Endorsement signature (3), Broadcast endorsement (4), Transaction delivery to peers (6); further labels: Transaction simulation, Verify policy]
23. Augmented Hyperledger Fabric
Ordering service
• Core component of a Fabric network to guarantee delivery and order of
transactions
• Production-grade networks using open source utilize Apache Kafka for this component
• Managed Blockchain uses Amazon QLDB technology, increasing durability
and reliability
Certificate authority
• Open source uses a “soft” HSM
• Managed Blockchain uses AWS KMS
to secure the Certificate Authority service
24. Chaincode basics
Code executed on the network, and can query and update ledger
Fabric supports chaincode in three languages: Go, Node, and Java
Chaincode executes within a Docker container on peer nodes
Chaincode has two operations in its interface:
• Init()—initializes the chaincode with parameters
• Invoke()—invokes the chaincode with parameters
25. Peer nodes
• Stores a copy of the ledger database
• Executes chaincode and endorses transactions
• Validates transactions before the final commit to ledger
[Diagram: the submitting client sends transactions (blob1, blob2, blob3) to the ordering service, which orders them (seqNo) and forms blocks (blckNo, tx1, tx2) after the genesis block. Each peer keeps a Peer Ledger and a Validated Ledger (VL); for each block (seqNo=blckNo): verify endorsement, readset; if OK then apply writeset; else invalid transaction (blob)]
26. Channels for access control
Channels allow isolation of transactions among specific members in the network
Create or update a channel with configuration transaction (configtx)
[Diagram: Member 1, Member 2 and Member 3 peers; Channel 1 and Channel 2, each with its own ledger; Hyperledger Fabric ordering service]
27. Endorsement policies
Endorsement policies allow chaincode to specify which members (or how many) need to validate a transaction before submitting
Endorsed transactions then get submitted to the ordering service and assembled into blocks
[Diagram: Member 1 client, Member 1 peer and Member 2 peer with their ledgers, and the Hyperledger Fabric ordering service, with steps numbered 1 to 3]
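The commit-time checks named on the "Peer nodes" and "Endorsement policies" slides (verify endorsement, check the readset, then apply the writeset), as an added Python sketch that is not code from the workshop or from Hyperledger Fabric. Assumptions: HMAC with constructed per-member keys stands in for Fabric's certificate-backed endorsement signatures, the policy is a simple "N of these members" rule, and the key names and values are constructed; the flag strings follow Fabric's transaction validation code names.

```python
import hashlib
import hmac
import json

# Constructed demo keys. HMAC stands in for the certificate-backed signatures
# that real Fabric endorsers produce; it is a simplification for this example.
ORG_KEYS = {"Member1": b"m1-demo", "Member2": b"m2-demo", "Member3": b"m3-demo"}


def signed_bytes(tx):
    """Canonical bytes of the simulation result (read set and write set)."""
    body = {"id": tx["id"], "reads": tx["reads"], "writes": tx["writes"]}
    return json.dumps(body, sort_keys=True).encode()


def endorse(org, tx):
    """An endorsing peer signs the read/write set it obtained by simulation."""
    return hmac.new(ORG_KEYS[org], signed_bytes(tx), hashlib.sha256).hexdigest()


def policy_satisfied(tx, policy):
    """True if at least policy['required'] of policy['orgs'] validly signed tx."""
    valid = {org for org, sig in tx["endorsements"].items()
             if org in policy["orgs"] and org in ORG_KEYS
             and hmac.compare_digest(sig, endorse(org, tx))}
    return len(valid) >= policy["required"]


def commit_block(state, block, policy):
    """Validate ordered transactions; state maps key -> (value, version)."""
    flags = {}
    for tx in block:
        if not policy_satisfied(tx, policy):
            flags[tx["id"]] = "ENDORSEMENT_POLICY_FAILURE"
        elif any(state.get(k, (None, 0))[1] != v for k, v in tx["reads"].items()):
            # A key changed since simulation, so the read set is stale.
            flags[tx["id"]] = "MVCC_READ_CONFLICT"
        else:
            for key, value in tx["writes"].items():
                state[key] = (value, state.get(key, (None, 0))[1] + 1)
            flags[tx["id"]] = "VALID"
    return flags


def make_tx(tx_id, reads, writes, endorsers):
    """Build a transaction and collect endorsements from the given members."""
    tx = {"id": tx_id, "reads": reads, "writes": writes, "endorsements": {}}
    tx["endorsements"] = {org: endorse(org, tx) for org in endorsers}
    return tx


def demo():
    """Constructed block: one valid tx, one stale read, two policy failures."""
    state = {"donation:1": (100, 1)}
    policy = {"orgs": ["Member1", "Member2", "Member3"], "required": 2}
    tx1 = make_tx("tx1", {"donation:1": 1}, {"donation:1": 150}, ["Member1", "Member2"])
    tx2 = make_tx("tx2", {"donation:1": 1}, {"donation:1": 90}, ["Member1", "Member3"])
    tx3 = make_tx("tx3", {"donation:1": 2}, {"donation:1": 0}, ["Member1"])
    tx4 = make_tx("tx4", {"donation:1": 2}, {"donation:1": 175}, ["Member2", "Member3"])
    tx4["writes"]["donation:1"] = 999999  # write set altered after endorsement
    return commit_block(state, [tx1, tx2, tx3, tx4], policy), state


if __name__ == "__main__":
    print(demo())
```

Invalid transactions still appear in the block; they are flagged and their write sets are not applied, which is why the final state reflects only tx1.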
29. Workshop layered architecture
Layers you will build in this workshop:
1. Hyperledger Fabric network & chaincode that executes on the Fabric peer node.
2. A RESTful API that uses the Hyperledger Fabric Client SDK to interact with the Fabric network
3. A user interface application that calls the API
[Diagram labels: Interact with application; Use REST resources; RESTful API; Connect via Fabric SDK]
30. Amazon Managed Blockchain network–single member
In this workshop, we will build a Fabric network that looks like this
[Diagram: Fabric Network managed by Amazon Managed Blockchain, containing the Hyperledger Fabric Ordering Service (Orderer) and Member A's Fabric Certificate Authority and Peer Node; VPC Member A contains a Fabric Client Node and a VPC Endpoint; Amazon VPC and AWS PrivateLink are labelled between them]
31. First steps, create your network & member
Use the Amazon Managed Blockchain console
to create a Fabric network
(Region: N. Virginia – us-east-1)
Create your member, which will be configured
within your network
32. Getting started
❑ Look at the README here: https://tinyurl.com/y7h6369b
(https://github.com/aws-samples/non-profit-blockchain)
❑ Part 1 – Creating Fabric Network using the AWS Console
❑ Create an AWS Cloud9 instance
❑ Use AWS Cloud9 to create a Fabric client node
❑ From the Fabric client node, install chaincode, test chaincode, etc.
❑ On the Fabric client node, install the RESTful API
❑ On the AWS Cloud9 instance, install the Node.js application
33. Nonprofit organization application on Amazon Managed Blockchain
Note: Fabric Certificate Authority, ordering service, and peer nodes are managed by Managed Blockchain
[Diagram: Amazon Managed Blockchain Fabric Network with the Hyperledger Fabric Ordering Service (Orderer), the Fabric Certificate Authority, and the member's peer node holding the ledger and the Nonprofit chaincode; a Fabric client running the RESTful API; and the Nonprofit application. Steps are numbered 1a, 1b, 2, 3, 4 and 5]
34. Amazon Quantum Ledger Database (Amazon QLDB)
Fully managed ledger database with a
central trusted authority
35. Need for a ledger with centralized trust
Ledgers with centralized trust:
• DMV: Track vehicle title history
• Manufacturers: Track distribution of a recalled product
• HR & Payroll: Track changes to an individual’s profile
• Healthcare: Verify and track hospital equipment inventory
36. Challenges customers face
Building ledgers with traditional databases
• Difficult to manage and scale
• Impossible to verify
• Error prone and incomplete
• Resource intensive
Blockchain approaches
• Designed for a different purpose
• Adds unnecessary complexity
37. Amazon QLDB (Preview)
Fully managed ledger database
Track and verify history of all changes made to your application’s data
• Immutable: Maintains a sequenced record of all changes to your data, which cannot be deleted or modified; you can query and analyze the full history
• Cryptographically verifiable: Uses cryptography to generate a secure output file of your data’s history
• Easy to use: Easy to use, letting you use familiar database capabilities like SQL APIs for querying the data
• Highly scalable: Executes 2–3x as many transactions as ledgers in common blockchain frameworks
38. How Amazon QLDB works
39. What is immutability?
DMV scenario (Journal and Current state)
1 Tracy buys a car on Aug 3, 2013: DMV QLDB database will add Traci’s record
ID Manufacturer Model Year VIN Owner
1 Tesla Model S 2012 123456789 Traci Russell
2 Tracy sells car to Ronnie on Sept 10, 2014: DMV QLDB database adds Ronnie’s record
ID Manufacturer Model Year VIN Owner
1 Tesla Model S 2012 123456789 Ronnie Nash
3 Ronnie’s car gets in an accident and gets totaled: DMV QLDB Database adds new row, called “delete” (DELETE, DATE: 09/02/2016)
ID Manufacturer Model Year VIN Owner
(no rows)
Built from ground-up in such a way that Journal cannot be modified or altered
Entire change history is easily accessible
40. What is verifiability?
Uses cryptography to create a digest of change history, acts as a proof
You can use the digest to prove integrity of any transaction
[Diagram: Cryptographic technique → Digest]
Customer, Ronnie can verify the date Traci sold the car to him was indeed 7/16
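How a single digest can prove the integrity of one journal entry, as an added Python example that is not from the slides and is not Amazon QLDB's own digest format or API. It uses a generic SHA-256 Merkle tree; the journal entries are constructed from the DMV scenario on the previous slide, and all function names are this example's own.

```python
import hashlib
import json

# Constructed journal entries based on the DMV scenario on the slides.
JOURNAL = [
    {"seq": 1, "op": "INSERT", "vin": "123456789", "owner": "Traci Russell", "date": "Aug 3, 2013"},
    {"seq": 2, "op": "UPDATE", "vin": "123456789", "owner": "Ronnie Nash", "date": "Sept 10, 2014"},
    {"seq": 3, "op": "DELETE", "vin": "123456789", "date": "09/02/2016"},
]


def leaf_hash(entry):
    # Distinct prefixes for leaves (0x00) and inner nodes (0x01) keep a leaf
    # from being passed off as an inner node.
    return hashlib.sha256(b"\x00" + json.dumps(entry, sort_keys=True).encode()).digest()


def node_hash(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()


def build_levels(journal):
    """All tree levels, leaves first; an unpaired node is promoted unchanged."""
    if not journal:
        raise ValueError("journal is empty")
    levels = [[leaf_hash(e) for e in journal]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([node_hash(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels


def digest(journal):
    """Single hash that commits to every entry and to their order."""
    return build_levels(journal)[-1][0]


def proof(journal, index):
    """Sibling hashes from the entry up to the root, tagged with their side."""
    path = []
    for level in build_levels(journal)[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            path.append(("L" if sibling < index else "R", level[sibling]))
        index //= 2
    return path


def verify(entry, path, trusted_digest):
    """Recompute the root from one entry and its proof; compare with the digest."""
    acc = leaf_hash(entry)
    for side, sibling in path:
        acc = node_hash(sibling, acc) if side == "L" else node_hash(acc, sibling)
    return acc == trusted_digest


def demo():
    saved = digest(JOURNAL)                    # digest the customer stored earlier
    path = proof(JOURNAL, 1)                   # proof for the sale record
    genuine = verify(JOURNAL[1], path, saved)
    forged = dict(JOURNAL[1], date="Sept 10, 2015")
    altered = verify(forged, path, saved)      # changed entry no longer verifies
    rewritten = digest([JOURNAL[0], forged, JOURNAL[2]]) == saved
    return genuine, altered, rewritten


if __name__ == "__main__":
    print(demo())
```

The verifier needs only the entry, the short proof and a digest it saved earlier, so it does not have to trust or download the rest of the journal.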
41. Why do immutability and verifiability matter for customers?
Reduce risk: Ensures safeguarding of critical system-of-record applications where a data loss
could potentially cost millions in lost dollars.
Improve data tracking: Helps you or any parties that have access to the system to quickly and
accurately track data’s entire lineage, improving efficiency in tracking the source of issues (e.g.,
manufacturing defects, maintain supply network data hygiene)
Auditability: Helps reduce downtime caused due to audit and compliance issues, saving hundreds
of productivity hours for your team
Reduce implementation effort: Building immutability and verifiability in a traditional way is time
consuming, complex, and expensive
42. Customer use case
43. What is Singapore Exchange?
A diversified exchange group that runs key market infrastructure, including the Singapore stock market and a pan-Asian derivatives exchange covering all major asset classes
High annual dividend of 28
cents for the past 5 years
Strong cash flow with
debt-free balance sheet
Anchored in Singapore, an AAA-
rated economy
[Map: headquarter and offices; cities shown: London, Tokyo, Mumbai, Singapore, Hong Kong, Shanghai, Beijing, Chicago, New York, San Francisco]
44. About: A multiphase journey
Project Ubin is a collaborative project between Singapore Exchange, the Monetary
Authority of Singapore (MAS) and the industry to explore the use of blockchain for
clearing and settlement of payments and securities
Source: http://www.mas.gov.sg/Singapore-Financial-Centre/Smart-Financial-Centre/Project-Ubin.aspx
• Phase 1: Use of digital currency in Real-Time Gross Settlement (RTGS)
• Phase 2: Achieved gridlock resolution and liquidity savings mechanism (LSM) on a distributed system without compromising on privacy
• Current phase: Domestic Delivery vs. Payment for Securities Settlement
• Future phase: Payment vs. Payment (PvP) for cross-border settlement
• Future phase: Delivery vs. Payment vs. Payment (DvPvP) for cross-border settlement of payments and securities
[Diagram labels: Capital Raising, Trading, Post Trade, Clearing, Settlement, Depository]
45. Singapore Exchange: Project Ubin’s blockchain use case
Amazon Managed Blockchain
Challenges with existing financial systems:
• Lack of trust
• Inefficient processes for sending data across
borders
• API divergence is expensive and cumbersome to
maintain
Benefits of implementing a blockchain
• Distributed application provides trust
• Provides reliability and resiliency
• Easy to add new participating members
• Efficient transfer of data and transactions without
intermediaries
46. Our preview on Amazon Managed Blockchain
Single region, single country deployment
[Diagram: Hyperledger Fabric Network by Amazon Managed Blockchain (“Blockchain X”) with an Ordering Service and, for each of Bank A, Bank B, the RMO and the Central Bank, a Fabric Certificate Authority and a Peer Node, plus an Arbitrator. Member VPCs shown: VPC Bank A (Buyer/Seller), VPC Bank B (Buyer/Seller), VPC Recognized Market Operator (RMO), VPC Central Bank / FIs, and Arbitrator, containing Fabric Client Nodes, API Servers and VPC Endpoints; Amazon VPC and AWS PrivateLink are labelled between them and the network. Assets: Digital Asset, Digital Currency]
47. Our conclusions
“Higher investor confidence”
Design for arbitrator role
• Designing for the arbitrator’s role provides an avenue for recourse for disputed transactions
• Maintains a central role to monitor and facilitate market functionalities
Potential for round-the-clock operations
• Underlying DvP design can be further explored for cross-border transactions where time-zone differences could mean a delay in settlement time, exposing participants to unnecessary FX fluctuations and principal risks
“Consistently” applied rights and obligations
• Smart contracts can be used to apply obligations and rights consistently and coherently
• Compliance enforcement through smart contracts reduces costs
“Flexibility to reduce settlement time”
• Tokenized currency coupled with smart contracts allows for significant reduction in settlement time on a trade-by-trade basis
Enhances investors’ security
Multi-sig, off-chain, out-of-band secure secrets
• Distributed control prevents account compromise
• Layered security with blockchain-independent transfer of secret
Potential broadening of asset classes & investor types
• Project DvP’s underlying design, architecture & benefits can be scaled for other asset classes beyond central bank-issued digital currencies including securities, corporate bonds, commodities etc. and other investor types, such as retail etc.
48. Amazon Managed Blockchain resources
• Webpage: https://aws.amazon.com/managed-blockchain/
• Getting Started: https://docs.aws.amazon.com/managed-blockchain/latest/managementguide/managed-blockchain-get-started-tutorial.html
• FAQs: https://aws.amazon.com/managed-blockchain/faqs
• Documentation: https://docs.aws.amazon.com/managed-blockchain
• Pricing: https://aws.amazon.com/managed-blockchain/pricing
• Fabric workshop: https://aws.amazon.com/blogs/database/build-and-deploy-an-application-for-hyperledger-fabric-on-amazon-managed-blockchain/
• Fabric open source documentation: https://hyperledger-fabric.readthedocs.io/en/release-1.2/
49. Thank you!