Part2: Code-Level Integration of AWS KMS with Account Abstraction for Web3 Applications
Welcome to Part 2 of our series on integrating AWS KMS with Account Abstraction for secure Web3 wallet management. In Part 1, we established the foundations by exploring how to configure AWS KMS for EVM private keys. In this part of the series, we'll be diving deeper into the code that ties these two concepts together. We first demonstrate how to generate smart wallets using AWS KMS wrapped EOA private keys, create a Viem compatible wallet interface from our KMS signer, and execute Account Abstraction transactions.
Our objective is that by the end of this series, the reader will have a good grasp of how to build a production-ready system that utilizes both AWS KMS and Account Abstraction to create secure, scalable blockchain applications without compromising on security or user experience.
Lets jump into code:
Alright, let's get started with the main parts of the implementation! We won’t bother you a lot with much writing but we will provide self explanatory and documented code snippets that you can take and use to build your own infrastructure for secure Web3 wallet management.
Implementing Smart Wallets with AWS KMS
First, let's explore how to use these KMS keys with Account Abstraction to create secure smart wallets. Below is a simplified implementation using Viem and the KMS signer packages (link to github gist):
Sending Account Abstraction Transactions
With our smart wallet in place, we can now send transactions using Account Abstraction. Here's how we can implement this (link to github gist):
The main interesting point of integration in this small project is the approach we used to create a compatible class of Viem PrivateKeyToAccount from the AWS KMS signer to ensure that it aligns with interface of the smart wallet signer as in premissionless.js and Viem packages (part of this code is borrowed from Viem github repo). The code snippet is available on this github gist.
Advantages of This Approach
Combining AWS KMS with Account Abstraction provides several key benefits:
Enhanced Security: Having the private keys never leaving AWS KMS this reduces the risk of exposure
Deterministic Wallet Generation: Generate the same wallet address in deterministic way from user identifiers
Gas Sponsorship: Support for sponsored transactions via Pimlico bundler and paymaster.
Multi-Chain Support: The proposed solution works across multiple EVM chains, while here we shared the deployed contract on Monad but we have tested this on multiple chains including Monad, Avalanche, Base and Polygon.
Conclusion
In this series, we've explored how AWS KMS can be combined with Account Abstraction to create a robust security solution for blockchain wallets. This approach is particularly valuable for organizations building enterprise-grade Web3 applications that require high security standards and operational flexibility.
By leveraging AWS KMS for key management and Account Abstraction for transaction flexibility, developers can build secure, scalable blockchain applications without compromising on security or user experience.