Amazon Managed Blockchain (AMB) Access Bitcoin: Developer Guide


Amazon Managed Blockchain (AMB) Access Bitcoin provides a fully managed, serverless solution for interacting with the Bitcoin Mainnet and Testnet networks. It eliminates the need to provision, manage, or scale your own Bitcoin node infrastructure, allowing developers to focus on building applications. This guide covers key concepts, setup, and practical examples for using AMB Access Bitcoin.

Key Concepts

AMB Access Bitcoin offers serverless access to the Bitcoin blockchain via API endpoints. It supports multiple JSON-RPC calls through Bitcoin Core clients with wallet functionality disabled. You can read data, write transactions, and invoke various JSON-RPC methods to interact with the Bitcoin network.

Supported Networks and Regions

Endpoints

Use these endpoints to connect to AMB Access Bitcoin:

Important Considerations

Getting Started

Prerequisites

  1. AWS Account: Sign up for an AWS account if you don’t have one.
  2. IAM User with Permissions: Create an IAM user with appropriate permissions for AMB Access Bitcoin. Avoid using root user credentials for daily tasks.
  3. AWS CLI: Install and configure the AWS Command Line Interface (CLI).

Setting Up IAM Policies

Create an IAM policy to grant access to Bitcoin JSON-RPC calls. Below is an example policy allowing access to both Mainnet and Testnet:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AMBBitcoinAccessPolicy",
      "Effect": "Allow",
      "Action": [
        "managedblockchain:InvokeRpcBitcoin*"
      ],
      "Resource": "*"
    }
  ]
}

Attach this policy to your IAM user or role. For network-specific access, use managedblockchain:InvokeRpcBitcoinMainnet or managedblockchain:InvokeRpcBitcoinTestnet.
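To see what the wildcard in the policy above grants compared with a network-specific action, the following added example (not AWS code) resolves a policy's Action patterns against the two actions named in this guide. It assumes a single identity policy and ignores Condition, NotAction and Resource; the Testnet-only policy is constructed for the example.

```javascript
// Added example, not AWS code: which AMB Access Bitcoin actions does a policy allow?
// Simplified model (assumption): one identity policy; Condition, NotAction, Resource ignored.
const AMB_ACTIONS = [
  'managedblockchain:InvokeRpcBitcoinMainnet',
  'managedblockchain:InvokeRpcBitcoinTestnet',
];

// IAM action patterns are case-insensitive; '*' matches any run of characters, '?' exactly one.
function actionMatches(pattern, action) {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&');
  const regex = new RegExp('^' + escaped.replace(/\*/g, '.*').replace(/\?/g, '.') + '$', 'i');
  return regex.test(action);
}

// Statement and Action may each be a single value or an array.
const asArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Returns the AMB actions the policy allows once explicit Deny statements are applied.
function allowedAmbActions(policy) {
  const hits = (effect) => AMB_ACTIONS.filter((action) =>
    asArray(policy.Statement).some((st) =>
      st.Effect === effect && asArray(st.Action).some((p) => actionMatches(p, action))));
  const denied = new Set(hits('Deny'));
  return hits('Allow').filter((action) => !denied.has(action));
}

// Reports whether the policy grants the intended network and what it grants beyond it.
function checkNetworkScope(policy, intendedNetwork) {
  const wanted = `managedblockchain:InvokeRpcBitcoin${intendedNetwork}`;
  const allowed = allowedAmbActions(policy);
  return {
    allowed,
    grantsIntended: allowed.includes(wanted),
    excess: allowed.filter((a) => a !== wanted),
  };
}

// The guide's wildcard policy, and a Testnet-only variant constructed for this example.
const wildcardPolicy = { Version: '2012-10-17', Statement: [{ Sid: 'AMBBitcoinAccessPolicy',
  Effect: 'Allow', Action: ['managedblockchain:InvokeRpcBitcoin*'], Resource: '*' }] };
const testnetPolicy = { Version: '2012-10-17', Statement: { Effect: 'Allow',
  Action: 'managedblockchain:InvokeRpcBitcoinTestnet', Resource: '*' } };

console.log(checkNetworkScope(wildcardPolicy, 'Testnet'));
console.log(checkNetworkScope(testnetPolicy, 'Testnet'));
```

A workload that only needs Testnet shows Mainnet under excess when given the wildcard policy, and nothing under excess with the Testnet-only policy.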

Using the AWS Management Console

  1. Open the Managed Blockchain console.
  2. Select RPC Editor.
  3. Choose BITCOIN_MAINNET or BITCOIN_TESTNET as the blockchain network.
  4. Select an RPC method (e.g., getblock), provide required parameters, and submit the RPC request.
  5. View results in the response section.

Making Requests with awscurl

Use awscurl to make SigV4-signed requests to AMB Access Bitcoin endpoints. Do not pass -k (--insecure): it disables TLS certificate verification, and the endpoint presents a valid certificate. Example for getblockheader:

awscurl -X POST \
  -d '{"jsonrpc":"1.0","id":"getblockheader-curltest","method":"getblockheader","params":["0000000000000000000105bebab2f9dd16234a30950d38ec6ddc24d466e750a0"]}' \
  --service managedblockchain \
  --region us-east-1 \
  https://mainnet.bitcoin.managedblockchain.us-east-1.amazonaws.com

Node.js Example

Use the AWS SDK for JavaScript to sign and send requests. Example script:

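// Dependencies: axios for HTTP, AWS SDK for JavaScript v3 packages for SigV4 signing.
const axios = require('axios');
const SHA256 = require('@aws-crypto/sha256-js').Sha256;
const defaultProvider = require('@aws-sdk/credential-provider-node').defaultProvider;
const HttpRequest = require('@aws-sdk/protocol-http').HttpRequest;
const SignatureV4 = require('@aws-sdk/signature-v4').SignatureV4;

// SigV4 signer. Credentials come from the default provider chain
// (environment variables, shared config, or an attached role).
const signer = new SignatureV4({
  credentials: defaultProvider(),
  service: 'managedblockchain',
  region: 'us-east-1',
  sha256: SHA256,
});

const rpcRequest = async () => {
  // JSON-RPC request body.
  const rpc = {
    jsonrpc: "1.0",
    id: "1001",
    method: 'getblock',
    params: ["00000000c937983704a73af28acdec37b049d214adbda81d7e2a3dd146f6ed09"]
  };

  const bitcoinURL = 'https://mainnet.bitcoin.managedblockchain.us-east-1.amazonaws.com/';
  const url = new URL(bitcoinURL);

  // Request to be signed; the headers listed here are covered by the signature.
  const req = new HttpRequest({
    hostname: url.hostname,
    path: url.pathname,
    body: JSON.stringify(rpc),
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
      'Accept-Encoding': 'gzip',
      host: url.hostname,
    }
  });

  const signedRequest = await signer.sign(req, { signingDate: new Date() });

  try {
    // Send exactly the body that was signed, with the signed headers.
    const response = await axios({ ...signedRequest, url: bitcoinURL, data: req.body });
    console.log(response.data);
  } catch (error) {
    // Log only status and message: the full axios error object carries the
    // signed request headers (Authorization and any session token).
    console.error('Error:', error.response ? error.response.status : '', error.message);
    throw error;
  }
};

// Handle the rejection so a failed call sets a non-zero exit code.
rpcRequest().catch(() => { process.exitCode = 1; });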

Using AWS PrivateLink

For private connectivity, use AWS PrivateLink to access AMB Access Bitcoin endpoints without traversing the public internet. Configure VPC endpoints for com.amazonaws.[region].managedblockchain.bitcoin.[network-type] (e.g., com.amazonaws.us-east-1.managedblockchain.bitcoin.testnet).

Bitcoin Use Cases

Building a Bitcoin Wallet

Create wallets to send and receive BTC using JSON-RPC methods like estimatesmartfee, createmultisig, createrawtransaction, and sendrawtransaction. These methods help calculate balances, sign transactions, and submit them to the network.

Analyzing Blockchain Activity

Use getchaintxstats to analyze transaction volumes, average rates, and other statistics. Define blocks by height or hash to compute metrics for specific segments of the blockchain.

Verifying Signed Messages

Validate messages signed with Bitcoin key pairs using verifymessage. This proves ownership of a Bitcoin address and associated BTC without exposing private keys.

Checking the Mempool

Access the mempool to track pending transactions with getmempoolancestors, getmempoolentry, getrawmempool, and testmempoolaccept. These methods are essential for wallets, exchanges, and other entities submitting transactions.

Supported JSON-RPCs

AMB Access Bitcoin supports a wide range of JSON-RPC methods categorized as follows:

Note: HTTP responses larger than 10 MB require the Accept-Encoding: gzip header so that the response is compressed.

Security and Compliance

Data Protection

AWS follows a shared responsibility model for security. AWS manages the security of the cloud infrastructure, while customers are responsible for securing their data and applications. Use IAM policies, MFA, and encryption to protect your resources.

Identity and Access Management (IAM)

Control access to AMB Access Bitcoin using IAM policies. Attach policies to users, groups, or roles to grant permissions for specific JSON-RPC actions. Use temporary credentials for enhanced security.

Monitoring with AWS CloudTrail

Enable CloudTrail to log data events for AMB Access Bitcoin. This helps track who invoked which JSON-RPC methods, from where, and when. Use advanced event selectors to capture data events for the AWS::ManagedBlockchain::Network resource type.

Example CloudTrail event selector configuration:

aws cloudtrail put-event-selectors --region us-east-1 --trail-name my-trail --advanced-event-selectors '[{"Name":"BitcoinEvents","FieldSelectors":[{"Field":"eventCategory","Equals":["Data"]},{"Field":"resources.type","Equals":["AWS::ManagedBlockchain::Network"]}]}]'
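Once those data events are being delivered, the who/which/where/when question can be answered with a short script. This added example (not AWS code) filters records using the same two conditions as the selector and groups them by caller, using standard CloudTrail record fields; the sample records and role names are constructed, and the JSON-RPC method name appearing in eventName is an assumption.

```javascript
// Added example, not AWS code. Summarizes AMB Access Bitcoin data events per caller.
function summarizeAmbCalls(records) {
  const byCaller = new Map();
  for (const r of records) {
    // Same two conditions as the advanced event selector in the guide.
    const isAmb = r.eventCategory === 'Data' &&
      (r.resources || []).some((res) => res.type === 'AWS::ManagedBlockchain::Network');
    if (!isAmb) continue;
    const who = (r.userIdentity && r.userIdentity.arn) || 'unknown';
    const entry = byCaller.get(who) ||
      { principal: who, calls: {}, sourceIps: new Set(), firstSeen: r.eventTime, lastSeen: r.eventTime };
    entry.calls[r.eventName] = (entry.calls[r.eventName] || 0) + 1;
    entry.sourceIps.add(r.sourceIPAddress);
    // ISO 8601 UTC timestamps sort correctly as strings.
    if (r.eventTime < entry.firstSeen) entry.firstSeen = r.eventTime;
    if (r.eventTime > entry.lastSeen) entry.lastSeen = r.eventTime;
    byCaller.set(who, entry);
  }
  return [...byCaller.values()].map((e) => ({ ...e, sourceIps: [...e.sourceIps].sort() }));
}

// Callers seen from more than one source address deserve a closer look.
function multiSourceCallers(summary) {
  return summary.filter((e) => e.sourceIps.length > 1).map((e) => e.principal);
}

// Constructed sample records; eventName holding the RPC method name is an assumption.
const ROLE_A = 'arn:aws:sts::111122223333:assumed-role/ExampleWalletRole/session-a';
const ROLE_B = 'arn:aws:sts::111122223333:assumed-role/ExampleAnalyticsRole/session-b';
const AMB = [{ type: 'AWS::ManagedBlockchain::Network' }];
const sampleRecords = [
  { eventTime: '2024-01-01T10:00:00Z', eventCategory: 'Data', eventName: 'getblock',
    sourceIPAddress: '192.0.2.10', userIdentity: { arn: ROLE_A }, resources: AMB },
  { eventTime: '2024-01-01T10:05:00Z', eventCategory: 'Data', eventName: 'sendrawtransaction',
    sourceIPAddress: '198.51.100.7', userIdentity: { arn: ROLE_A }, resources: AMB },
  { eventTime: '2024-01-01T10:01:00Z', eventCategory: 'Data', eventName: 'getblock',
    sourceIPAddress: '192.0.2.20', userIdentity: { arn: ROLE_B }, resources: AMB },
  // Not AMB traffic: a management event and an S3 data event, both filtered out.
  { eventTime: '2024-01-01T10:02:00Z', eventCategory: 'Management', eventName: 'DescribeTrails',
    sourceIPAddress: '192.0.2.20', userIdentity: { arn: ROLE_B }, resources: [] },
  { eventTime: '2024-01-01T10:03:00Z', eventCategory: 'Data', eventName: 'GetObject',
    sourceIPAddress: '192.0.2.20', userIdentity: { arn: ROLE_B }, resources: [{ type: 'AWS::S3::Object' }] },
];

const summary = summarizeAmbCalls(sampleRecords);
console.log(JSON.stringify(summary, null, 2));
console.log('Multiple source addresses:', multiSourceCallers(summary));
```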

Frequently Asked Questions

Q: What networks does AMB Access Bitcoin support?
A: It supports Bitcoin Mainnet (production) and Testnet (testing). Private networks are not supported.

Q: How do I authenticate requests to AMB Access Bitcoin?
A: All requests must be signed using AWS Signature Version 4 (SigV4). Use IAM credentials (access key ID and secret access key) to sign requests.

Q: Can I use AMB Access Bitcoin for mining?
A: No, BTC mining is not supported.

Q: What is the default rate limit for requests?
A: The default limit is 100 requests per second (RPS) per network type per AWS region. Contact AWS Support to increase this quota.

Q: How can I monitor JSON-RPC calls?
A: Use AWS CloudTrail to log data events. Configure advanced event selectors for the AWS::ManagedBlockchain::Network resource type.

Q: Is there a cost for using AMB Access Bitcoin?
A: You pay only for the requests you make to the Bitcoin endpoints. There are no upfront costs or minimum fees.

Q: Can I access AMB Access Bitcoin privately without internet exposure?
A: Yes, use AWS PrivateLink to create VPC endpoints for private connectivity to AMB Access Bitcoin.
