
Last year, I spent some time in Jakarta visiting HARA, an AWS customer. They've created a way to connect small farms in developing nations to banks and distributors of goods, like seeds, fertilizer, and tools. Traditionally, rural farms have been ignored by the financial world, because they don't normally have the information required to open an account or apply for credit. With HARA, this hard-to-obtain data on small farms is collected and authenticated, giving these farmers access to resources they've never had before.



To eliminate the complexity associated with blockchain networks, we recently announced Amazon Managed Blockchain, a fully managed service that makes it easy to create and manage scalable blockchain networks.

We also announced Amazon Quantum Ledger Database (Amazon QLDB), a ledger database that provides some of the same features as blockchain for data integrity. It's designed for centralized systems, where there is a central trusted authority. Amazon QLDB provides a transparent, immutable, and cryptographically verifiable transaction log owned by a central trusted authority.

In this post, I dive deeper into some of these concepts, the challenges people face building with blockchain, and how our two new services solve these issues.

A closer look at blockchain and ledger technology


Blockchains are designed to maintain the integrity of data. They are immutable—committed data history cannot be altered or deleted, it can only be updated. Ledgers are the building blocks that help make blockchains immutable, so I'm going to explain this concept in detail.


Ledgers found in a blockchain (and now in Amazon QLDB) typically consist of the following:

  • Current and historical state: A data structure that keeps the current and historical state values, allowing applications to easily access the data without needing to traverse the entire transactional log.
  • A journal: A transactional log that keeps a complete record of the entire history of data changes. The transactional log is append-only, meaning that each new record is chained to the previous one, allowing you to see the entire lineage of the data's change history. Additionally, blocks are chained to one another with the help of cryptographic hashing, a process that assigns a unique identifier (like a fingerprint) to each record. This gives ledgers a timekeeping property: anyone can look back in time and get proof that a data transaction occurred, which makes auditing simple.

Compare this to relational databases where customers have to engineer an auditing mechanism because the database is not inherently immutable. Such auditing mechanisms built with relational databases can be hard to scale. They put the onus on the application developer to ensure that all the right data is being recorded.


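  • Consensus algorithms help ensure that the members in the network have an agreed-upon method to allow transactions and data to be committed to the ledger. If the consensus requirements aren't met, then the transaction is rolled back and not valid.
  • Smart contracts are programs with rules and penalties that define a contract as lines of code. The program continuously checks whether the conditions of the contract are met, and then ensures that the contract executes automatically.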

Together, these elements allow two or more parties to transact with decentralized trust, where each party consents to the transaction and records the transaction. Decentralized trust makes sense when multiple organizations must independently verify transaction history and have a single, up-to-date, accurate view of data. It also makes sense when there is no single party that wants to maintain an application but network members still want to transact with other parties efficiently.

Let's take the example of a trade finance application where decentralized trust is needed. Trading goods across international borders requires many orgs to work with one another, such as importers, exporters, multiple banks, shipping companies, insurance companies, and customs departments. With the number of stakeholders involved, there is no trusted central authority. Each stakeholder wants to independently verify the documentation related to the trade and doesn't want any single entity to own the record of activity.

The current process requires trade-related paperwork (for example, a letter of credit) to go back and forth between the stakeholders, which can take 5–10 business days to complete. This results in long processing time and high costs.

In this scenario, enabling the stakeholders to operate with decentralized trust improves efficiency and cuts down costs. A single participant does not own the infrastructure, and the system distributes a copy of the transaction ledger to each participant for independent verification. The business contract, such as a letter-of-credit, can be written as a smart contract in the blockchain application. It can automatically execute as soon as all parties provide consensus to record the transaction.

Customers look to blockchain as technology that enables them to transact with multiple parties when there is no single trusted authority and they need a system with decentralized trust.

Making blockchain easy with Managed Blockchain

It's difficult, expensive, and time-consuming to create and manage blockchain networks using existing frameworks. First, to create a blockchain network with permissions, each network member must manually provision hardware, install software, create and manage certificates for access control, and configure networking components. When the blockchain network is running, users have to continuously monitor the infrastructure. They must adapt to changes, such as an increase in transaction requests or new members joining or leaving the network.

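To help overcome the obstacles people encounter during setup, AWS created Managed Blockchain. Unlike self-hosted blockchain networks, Amazon Managed Blockchain eliminates the need to manually provision hardware, configure software, and set up networking and security components. This service lets users set up and manage a scalable blockchain network with just a few clicks. It automatically scales to meet the demands of thousands of applications running millions of transactions.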


In addition, Managed Blockchain provides a selection of instance types that comprise varying combinations of CPU and memory. This gives you the flexibility to choose the appropriate mix of resources to support your nodes. Users pay according to their usage and don't worry about any upfront costs for infrastructure.

Managed Blockchain supports two popular blockchain frameworks, Hyperledger Fabric and Ethereum. Hyperledger Fabric is well suited for applications that require stringent privacy and permission controls and have a known set of members. For example, this might include a financial application where certain trade-related data is only shared between a subset of the network (only the banks that are part of the trade).

Ethereum is well suited for highly distributed blockchain networks where transparency of data for all members is important. Each transaction is visible to all the members of the network. For example, this might include a customer loyalty blockchain application that allows any network retailer to verify user activity by broadcasting the transaction to all members.


Managed Blockchain creates a network and manages its key components:

  • Members
  • Hyperledger Fabric's certificate authority (CA) for each member
  • Peer nodes
  • The ordering service

A blockchain network is a peer-to-peer network running a decentralized blockchain framework. Each network includes one or more members, which are unique identities in the network (for example, an organization in a consortium of banks). Each member on the network can easily create their own peer nodes that come with a variety of compute and storage options.

With each member, the Hyperledger Fabric CA also gets created. The Hyperledger Fabric CA provides a number of certificate services that relate to user enrollment, transactions invoked on the blockchain, and TLS-secured connections between users or components of the blockchain.

Each member's peer nodes interact and run smart contracts, known as chaincode in Hyperledger Fabric. They create and endorse transactions proposed in the network, and store a local copy of the ledger.

Members define the rules in the endorsement process based on their application's business logic. For example, in a trade finance application, the bank for the exporting party wants to verify that the importing party has necessary funds before endorsing the transaction. To configure blockchain applications on peer nodes and to interact with other network resources, members use a client configured with the AWS CLI or SDK. Those network resources could include the certificate authority, ordering service, and peer nodes.

Managed Blockchain provides endpoints to access these services, which can be accessed via an AWS PrivateLink endpoint. Additionally, in Managed Blockchain, we have improved the reliability of the default ordering service, a component that ensures delivery of transactions across the blockchain network. We have rebuilt the ordering service using the same underlying technology as Amazon QLDB. There's even now an immutable change log that accurately maintains the complete history of all transactions in the blockchain network, ensuring that you durably save this data.

A ledger solution with centralized trust


One example of this is a department of motor vehicles that tracks vehicle ownership and registration history in a way that is resilient against data manipulation. People have tried to solve this problem with a relational database, but it's not built to be immutable. Users have to do a bunch of work to create any complex auditing functionality. Also, with a traditional database there's no way to go back in time and verify the integrity of the change log.


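The solution to this problem is a centralized ledger that serves as a transparent, immutable, and cryptographically verifiable transaction log. That's why we created the first purpose-built ledger database: Amazon QLDB.

Amazon QLDB makes it easy to understand how application data changes over time, eliminating the need to build complex auditing functionality into the application. The Amazon QLDB journal is an immutable log to which transactions are appended as blocks. After a transaction is written to the journal, it cannot be changed or deleted; it becomes a permanent record.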

These blocks are also hash-chained together using cryptography (SHA-256). This allows you to verify and show the proof of your data's integrity (for example, an ecommerce business may have to show proof of a winning bid). This transaction then gets updated in the Current State table, which always keeps the current value of the data. And, finally, the transaction gets indexed in the history table, which can be queried to track how the data has changed over time.
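The three pieces described above (a hash-chained journal, a current-state table, and a history index) can be modeled in a few lines. This is an added illustrative example, not Amazon QLDB's implementation or API; the `Ledger` class, the `GENESIS` value, and the record key are assumptions made for the sketch.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed predecessor hash for the first block

def block_hash(prev_hash, payload):
    """SHA-256 over the previous block's hash plus a canonical payload encoding."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()

class Ledger:
    def __init__(self):
        self.journal = []  # append-only list of hash-chained blocks
        self.current = {}  # key -> latest value (current state table)
        self.history = {}  # key -> journal positions that changed it

    def commit(self, key, value):
        prev = self.journal[-1]["hash"] if self.journal else GENESIS
        payload = {"seq": len(self.journal), "key": key, "value": value}
        self.journal.append({"prev": prev, "payload": payload,
                             "hash": block_hash(prev, payload)})
        self.current[key] = value
        self.history.setdefault(key, []).append(payload["seq"])
        return self.journal[-1]["hash"]  # digest an auditor can store elsewhere

    def revisions(self, key):
        return [self.journal[i]["payload"]["value"] for i in self.history.get(key, [])]

    def verify(self, trusted_digest=None):
        """Return the index of the first bad block, or -1 if the chain is intact."""
        prev = GENESIS
        for i, block in enumerate(self.journal):
            if block["prev"] != prev or block["hash"] != block_hash(prev, block["payload"]):
                return i
            prev = block["hash"]
        # A fully recomputed chain is self-consistent, so the tip must also
        # match a digest that was saved outside the ledger.
        if trusted_digest is not None and prev != trusted_digest:
            return len(self.journal)
        return -1

def demo():
    ledger = Ledger()
    ledger.commit("VIN-EXAMPLE-1", "alice")           # constructed sample record
    digest = ledger.commit("VIN-EXAMPLE-1", "bob")
    owners, intact = ledger.revisions("VIN-EXAMPLE-1"), ledger.verify(digest)
    ledger.journal[0]["payload"]["value"] = "mallory"  # edit history in place
    return owners, intact, ledger.verify(digest)       # verify now flags block 0
```

Storing the returned digest outside the ledger is what lets `verify` catch a journal that was rebuilt from scratch with valid hashes, not just a single edited block.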

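In addition, because Amazon QLDB is a database, it offers better performance and scalability than blockchain frameworks. It can scale easily and execute two to three times as many transactions as common blockchain frameworks. Amazon QLDB is now available in limited preview.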


Blockchain and ledger technology has the potential to dramatically improve many types of transactions. However, if it isn't accessible to everyone, many great ideas may never be realized.



These two solutions—Managed Blockchain and Amazon QLDB—expand the AWS portfolio of databases that offers the most breadth and depth of any cloud provider. By creating more options, we help more people. And when a company has the freedom to choose the best tool for a job, it makes a big difference.