#aws-kms #signer #sign #ethereum #transaction #key #set

ethers_aws

Library to use AWS KMS to sign ethereum transactions

1 unstable release

0.1.0 Dec 24, 2023

#18 in #aws-kms

MIT/Apache

21KB
371 lines

AWSSigner

ether_aws is a wrapper around the aws sdk that allows using AWS KMS as a signer, AWSSigner AWSSigner fully implements the Signer trait from ether-rs.

Quickstart

Add this to your Cargo.toml:

[dependencies]
ethers_aws = "0.1"

Usage

//Set up all credentials
let access_key = std::env::var("ACCESS_KEY").expect("ACCESS_KEY must be in environment");
let secret_access_key = std::env::var("SECRET_ACCESS_KEY").expect("SECRET_ACCESS_KEY must be in environment");
let key_id: String = std::env::var("KEY_ID").expect("KEY_ID must be in environment");
let region = std::env::var("REGION").expect("REGION must be in environment");
//Create the signer
let aws_signer = AWSSigner::new(
        ethers::types::Chain::Mainnet as u64,
        access_key,
        secret_access_key,
        key_id,
        region,
    )
    .await
    .expect("Cannot create AWS signer");
let provider = Provider::<Http>::try_from(anvil.endpoint()).unwrap();
let signer_middleware = SignerMiddleware::new(provider, aws_signer);

//Create transaction as usual
let one_ether: U256 = parse_units(1, 18 as i32).unwrap().into();
let tx_request = Eip1559TransactionRequest::new().to(Address::zero())
        .value(one_ether);
let response = signer_middleware.send_transaction(tx_request, None)

AWS setup (Optional)

Create an IAM user

An AWS IAM user must be created with the appropriate permissions. During the creation process add these policies for the to be created IAM user.

AWSKeyManagementServicePowerUser
ROSAKMSProviderPolicy

Once created, go to the newly created user and add an access_key to it. Chose Application running outside AWS. Save the access_key and the secret_access_key

Create a new public private key pair

Go to the AWKS KMS page and follow these steps:

  1. Choose Create a key
  2. Choose Asymmetric for Key Type
  3. Choose Sign and Verify for Key Usage
  4. Choose ECC_SECG_P256K1 for Key spec
  5. Click next and add tags
  6. Click next and in the Key administrators choose the user created in the Create an IAM user section
  7. Click next and in Key User choose the user created in Create an IAM user section
  8. Once the key is created, get the key_id

Install this library into your rust project

cargo add ethers_aws

Example

You can run the simple example provided in this project. Make sure to have the appropriate AWS KMS credentials set in your environment. Look at the tests section for an example of how to set credentials.

cargo run -p simple_example

Tests

Unit tests require KMS credentials to be set. Please set these values in your environment.

export ACCESS_KEY=<ACCESS_KEY>
eexport SECRET_ACCESS_KEY=<SECRET_ACCESS_KEY>
export KEY_ID=<KEY_ID>
export REGION=<REGION<

Dependencies

~45–61MB
~1M SLoC