1 unstable release
0.1.0 | Dec 24, 2023 |
---|
#20 in #aws-kms
21KB
371 lines
AWSSigner
ether_aws is a wrapper around the aws sdk that allows using AWS KMS as a signer, AWSSigner
AWSSigner
fully implements the Signer
trait from ether-rs.
Quickstart
Add this to your Cargo.toml:
[dependencies]
ethers_aws = "0.1"
Usage
//Set up all credentials
let access_key = std::env::var("ACCESS_KEY").expect("ACCESS_KEY must be in environment");
let secret_access_key = std::env::var("SECRET_ACCESS_KEY").expect("SECRET_ACCESS_KEY must be in environment");
let key_id: String = std::env::var("KEY_ID").expect("KEY_ID must be in environment");
let region = std::env::var("REGION").expect("REGION must be in environment");
//Create the signer
let aws_signer = AWSSigner::new(
ethers::types::Chain::Mainnet as u64,
access_key,
secret_access_key,
key_id,
region,
)
.await
.expect("Cannot create AWS signer");
let provider = Provider::<Http>::try_from(anvil.endpoint()).unwrap();
let signer_middleware = SignerMiddleware::new(provider, aws_signer);
//Create transaction as usual
let one_ether: U256 = parse_units(1, 18 as i32).unwrap().into();
let tx_request = Eip1559TransactionRequest::new().to(Address::zero())
.value(one_ether);
let response = signer_middleware.send_transaction(tx_request, None)
AWS setup (Optional)
Create an IAM user
An AWS IAM user must be created with the appropriate permissions. During the creation process add these policies for the to be created IAM user.
AWSKeyManagementServicePowerUser
ROSAKMSProviderPolicy
Once created, go to the newly created user and add an access_key to it. Chose Application running outside AWS
. Save the access_key
and the secret_access_key
Create a new public private key pair
Go to the AWKS KMS page and follow these steps:
- Choose
Create a key
- Choose
Asymmetric
forKey Type
- Choose
Sign and Verify
forKey Usage
- Choose
ECC_SECG_P256K1
forKey spec
- Click next and add tags
- Click next and in the
Key administrators
choose the user created in theCreate an IAM user
section - Click next and in
Key User
choose the user created inCreate an IAM user
section - Once the key is created, get the
key_id
Install this library into your rust project
cargo add ethers_aws
Example
You can run the simple example provided in this project. Make sure to have the appropriate AWS KMS credentials set in your environment. Look at the tests section for an example of how to set credentials.
cargo run -p simple_example
Tests
Unit tests require KMS credentials to be set. Please set these values in your environment.
export ACCESS_KEY=<ACCESS_KEY>
eexport SECRET_ACCESS_KEY=<SECRET_ACCESS_KEY>
export KEY_ID=<KEY_ID>
export REGION=<REGION<
Dependencies
~46–63MB
~1M SLoC