AwsKmsSigner is an Ethers v5 signer implementation that utilizes AWS Key Management Service (KMS) for secure EVM transaction and message signing.
npm install @nexusmutual/ethers-v5-aws-kms-signerAwsKmsSigner instance:
-
AWS_REGION- The AWS region where the KMS key is located -
AWS_KMS_KEY_ID- The ID of the AWS KMS key or 'alias/' - provider - Ethers provider instance
const awsKmsSigner = new AwsKmsSigner(AWS_REGION, AWS_KMS_KEY_ID, provider);getAddress:
await awsKmsSigner.getAddress();signTransaction
await awsKmsSigner.signTransaction(tx);signMessage
await awsKmsSigner.signMessage(message);Connect to a new provider
awsKmsSigner.connect(newProvider);In order to work properly AWS KMS managed key must be:
- asymmetric
- able to sign and verify
- ECC_SECG_P256K1 or ECC_NIST_P256 specified
Client using the library should have the following IAM permissions to the key that it uses:
- Effect: Allow
Action:
- 'kms:Sign'
- 'kms:GetPublicKey'
Resource: !Ref KMSKeyArnThe AWS Credentials should be set properly to access the given AWS KMS key, see here
npm test
To run end to end test set the following env vars:
-
TEST_KMS_REGION_ID- The AWS region where the KMS key is located -
TEST_KMS_KEY_ID- The ID of the AWS KMS key