Developer Documentation

Appearance

AWS Ethereum Signing Service

Amazon Web Services (AWS) is a cloud platform that offers scalable and secure infrastructure for transaction handling, including services like Lambda for execution, API Gateway for access control, and KMS for encryption. AWS ensures efficient real-time transaction processing with auto-scaling, monitoring, and security.

Skuchain provides an Ethereum transaction signing service hosted on AWS, allowing organizations to securely sign transactions without managing key storage or AWS infrastructure themselves.

Skuchain leverages AWS to provide a robust and secure environment for Ethereum transaction signing for organisations, offering the following key features:

- Dedicated IAM Users for Each Organization
- IAM Role and Policy Configuration
- Secure Transaction Signing
- Mnemonic Handling Using AWS Secrets Manage

Architecture for AWS Ethereum Signing

The AWS Ethereum Signing Service architecture is designed to provide a secure, scalable, and efficient solution for organizations to sign Ethereum transactions without managing the complexities of key storage and AWS infrastructure themselves.

Architecture for AWS Eth Signing

Key Components

  1. AWS Lambda: Executes the transaction signing function on-demand.
  2. AWS Secrets Manager: Securely stores and manages mnemonics for each organization.
  3. API Gateway: Provides a secure API endpoint for invoking the Lambda function.
  4. IAM: Manages access control and permissions for organizations and AWS services.

Workflow

  1. Organizations invoke the Lambda function through the API Gateway.
  2. The Lambda function retrieves the necessary mnemonic from Secrets Manager.
  3. The transaction is signed using the derived key from the mnemonic.
  4. The signed transaction is returned to the organization.

This architecture ensures secure and efficient transaction signing while maintaining isolation between different organizations' resources.

Services Used for Eth Signing

AWS Lambda

  • Serverless compute service for transaction signing
  • Offers on-demand execution, scalability, and simplified management
  • Hosts signing logic and interfaces with Secrets Manager

AWS Secrets Manager

  • Securely stores and manages mnemonics for organizations
  • Provides centralized storage with encryption at rest and in transit
  • Integrates with IAM for access control

Amazon API Gateway

  • Serves as the entry point for the Ethereum signing service
  • Provides a RESTful API interface with request validation
  • Handles authentication, authorization, and invokes Lambda functions
  • Offers API versioning and logging capabilities

These services work together to create a secure, scalable, and efficient Ethereum transaction signing solution. Lambda executes the signing logic, Secrets Manager safeguards the mnemonics, and API Gateway manages the incoming requests and authentication.