Authentication and Access Control for Hyperledger Fabric on Managed Blockchain

AWS Identity and Access Management (IAM) permission policies, VPC endpoint services powered by AWS PrivateLink, and Amazon EC2 security groups provide the primary means for you to control access to Amazon Managed Blockchain. In addition to these AWS services, open-source frameworks that run on Managed Blockchain have authentication and access control features that you can configure.

IAM permission policies are associated with AWS users in your account and determine who has access to what. Permission policies specify the actions that each user can perform using Managed Blockchain and other AWS services. VPC endpoint services allow each Managed Blockchain network member to connect privately to Managed Blockchain resources. Amazon EC2 security groups act as virtual firewalls and determine the inbound and outbound network traffic that is allowed between Managed Blockchain resources and other Amazon EC2 resources. In Managed Blockchain, these security groups are associated with the VPC endpoint in your account and with any framework clients that run on AWS, such as a Hyperledger Fabric client running on an Amazon EC2 instance.

Before you configure authentication and access control using AWS services and open-source features, we recommend that you review the following resources:

• For more information about IAM and IAM permission policies, see Identity and Access Management for Hyperledger Fabric on Amazon Managed Blockchain. We also recommend What is IAM? and IAM JSON Policy Reference in the IAM User Guide.

• For more information about VPC endpoints, see Create an Interface VPC Endpoint for Hyperledger Fabric on Amazon Managed Blockchain and VPC Endpoints in the Amazon VPC User Guide.

• For more information about Amazon EC2 security groups, see Configuring Security Groups for Hyperledger Fabric on Amazon Managed Blockchain and Amazon EC2 Security Groups for Linux Instances in the Amazon EC2 User Guide for Linux Instances.

• For more information about the Hyperledger Fabric Certificate Authority (CA), see Certificate Authority (CA) Setup in the Hyperledger Fabric documentation.

• For more information about Hyperledger Fabric application access control lists, see Application Access Control Lists in the Hyperledger Fabric documentation.