Solution Overview
This post delves into the technical implementation of a CI/CD pipeline for Ethereum smart contract development using Amazon Web Services (AWS). Building on Part 1, we explore the AWS CDK stack that automates service deployment, configuration, and pipeline execution.
Key AWS Services
- AWS CDK: Infrastructure-as-code for provisioning resources.
- Hyperledger Besu: Ethereum development network hosted on Amazon ECS with Amazon EFS for storage.
- Secrets Manager: Securely stores mnemonics, API keys, and billing tokens.
- CodeBuild: Compiles and deploys smart contracts via Hardhat.
- Amazon S3: Hosts configuration files and deployment scripts.
AWS CDK Project Structure
The GitHub repository organizes the project as follows:
| Folder/File | Purpose |
|---|---|
| cdk-stack.ts | Defines AWS CDK constructs and custom resources. |
| DataSyncTaskExec | Lambda functions for S3-to-EFS file syncing via DataSync. |
| ECSTaskExec | Lambda functions to manage ECS tasks (e.g., launching Besu nodes). |
| EFSManagement | Creates required EFS directories for Besu node configuration. |
| resources/ | Contains deployment scripts, configurations, and .zip files. |
| ShareToWin-dApp/ | Sample dApp with smart contracts and Lambda code for CI/CD testing. |
Hyperledger Besu Development Network
Configuration
- Genesis File (`dev.json`): Pre-generates 10 test Ethereum addresses using a hierarchical deterministic (HD) wallet.
- Besu Node Setup: Deployed via ECS Fargate with EFS as persistent storage.
⚠️ Caution:
The default mnemonic provided as part of the sample code is for testing only. Never use it in production.
Custom Resource Providers
- EFS Folder Creation: Lambda initializes `/config` and `/data` directories on EFS.
- S3-to-EFS Sync: DataSync copies `config.toml` and `dev.json` to EFS.
- ECS Task Execution: Launches the Besu container with public IP enabled.
Secrets Management
Critical parameters (e.g., mnemonics, IAM keys) are stored in AWS Secrets Manager:
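```typescript
import * as cdk from "aws-cdk-lib";
import * as secretsmanager from "aws-cdk-lib/aws-secretsmanager";

// Inside the stack's constructor. unsafePlainText writes the value into the
// synthesized CloudFormation template, so only placeholders belong here.
new secretsmanager.Secret(this, "AMB-CICD-Blog-Secrets", {
  secretName: "AMB-CICD-Blog-Secrets",
  secretObjectValue: {
    "/CodeBuild/BesuMnemonicString": cdk.SecretValue.unsafePlainText("test-only-mnemonic"),
    "/CodeBuild/GoerliMnemonicString": cdk.SecretValue.unsafePlainText("To be entered"),
    // ... other secrets
  }
});
```
CI/CD Pipeline Workflow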
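Because the Secrets Management snippet passes its values through `unsafePlainText`, they are written into the synthesized CloudFormation template. The following added example (not from the original post or its repository) is a check that could run before deployment: it flags any literal secret value in a template other than the snippet's two placeholders. The helper name `findLiteralSecrets`, the allow-list, and the sample template are assumptions made for illustration.

```typescript
// Added example (not the project's code). Assumption: the synthesized template in
// cdk.out/ carries a literal SecretString for secrets built with unsafePlainText.
type Resource = { Type: string; Properties?: Record<string, unknown> };
type Template = { Resources?: Record<string, Resource> };
interface Finding { logicalId: string; key: string }

// Placeholder values from the page's snippet that are acceptable in a template.
const ALLOWED_LITERALS: string[] = ["To be entered", "test-only-mnemonic"];

// Hypothetical helper: list secret keys whose literal value is not an allowed placeholder.
function findLiteralSecrets(template: Template, allowed: string[] = ALLOWED_LITERALS): Finding[] {
  const findings: Finding[] = [];
  const resources = template.Resources ?? {};
  for (const logicalId of Object.keys(resources)) {
    const res = resources[logicalId];
    if (!res || res.Type !== "AWS::SecretsManager::Secret") continue;
    const secretString = res.Properties ? res.Properties["SecretString"] : undefined;
    // Intrinsics (Fn::Join, Ref) resolve at deploy time and are not literals: skip.
    if (typeof secretString !== "string") continue;
    let parsed: unknown = secretString;
    try { parsed = JSON.parse(secretString); } catch (e) { /* plain, non-JSON secret */ }
    if (typeof parsed === "object" && parsed !== null && !Array.isArray(parsed)) {
      const obj = parsed as Record<string, unknown>;
      for (const key of Object.keys(obj)) {
        const value = obj[key];
        const ok = typeof value === "string" && allowed.indexOf(value) !== -1;
        if (!ok) findings.push({ logicalId, key });
      }
    } else if (allowed.indexOf(String(parsed)) === -1) {
      findings.push({ logicalId, key: "(whole SecretString)" });
    }
  }
  return findings;
}

// Constructed sample: the logical ID and the second value are made up for illustration.
const sampleTemplate: Template = {
  Resources: {
    AMBCICDBlogSecrets: {
      Type: "AWS::SecretsManager::Secret",
      Properties: {
        SecretString: JSON.stringify({
          "/CodeBuild/BesuMnemonicString": "test-only-mnemonic",
          "/CodeBuild/GoerliMnemonicString": "constructed stand-in for a real phrase",
        }),
      },
    },
  },
};
console.log(findLiteralSecrets(sampleTemplate));
```

A non-empty result means a value other than a placeholder was committed to the stack code; the fix is to enter it in Secrets Manager after deployment instead.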
CodeBuild Projects
Besu Network Deployment:
- Compiles smart contracts using Hardhat.
- Deploys to Besu dev network and updates Lambda environment variables.
Goerli Testnet Deployment:
- Requires manual approval post-Besu success.
- Uses Managed Blockchain billing token for node access.
Buildspec Snippet (besubuildspec.yml):
```yaml
phases:
  build:
    commands:
      - npx hardhat compile
      - CONTRACTSADDRESS=$(npx hardhat run --network besudev deploy.js)
      - aws lambda update-function-code --function-name AMB-CICD-Blog-ShareToWinLambda --zip-file fileb://ShareToWinLambda.zip
```
FAQs
1. Why use Hyperledger Besu for development?
Besu provides a local Ethereum network with unlimited test Ether, ideal for debugging and multi-developer collaboration.
2. How are sensitive credentials managed?
AWS Secrets Manager securely stores mnemonics and API keys, preventing hardcoding in repositories.
3. What triggers the CI/CD pipeline?
Changes to the smart contract code in the CodeCommit repository initiate the pipeline.
4. Can I replace Hardhat with Truffle?
Yes. Adjust the buildspec.yml to use Truffle commands instead of Hardhat.
5. How do I clean up resources?
Run cdk destroy to delete all AWS resources created by the stack.
Conclusion
This post detailed an end-to-end CI/CD pipeline for Ethereum dApps using AWS CDK, Hyperledger Besu, and CodeBuild. The complete code is available on GitHub.
👉 Explore the AWS CDK Repository to deploy your own pipeline.
Authors:
- Rafia Tapia, Blockchain Specialist Solutions Architect.
- Kranthi Manchikanti, Cloud Solutions Architect at AWS.