AWS setup
Configure your signing key and S3 bucket
These instructions are for a production environment where validator keys exist in AWS's Key Management Service and validator signatures are posted publicly in an S3 bucket.
1. Create an AWS IAM user and KMS key
Follow the instructions for AWS KMS keys to generate an AWS IAM user and KMS key. You will use this user and key in the following steps.
2. Create an S3 bucket
Your validator will post their signatures to this bucket.
Go to AWS's S3 in the AWS console.
On the right, click the orange "Create Bucket" button
Pick an informative bucket name, such as
hyperlane-validator-signatures-${validator_name}-${chain_name}
Consider choosing the same region as the KMS key you created in the previous step.
Keep the recommended "ACLs disabled" setting for object ownership.
Configure public access settings so that relayers can read your signatures
Uncheck "Block all public access"
Check the first two options that block access via access control lists
Leave the last two options unchecked, we will be granting public read access via a bucket policy
Acknowledge that these settings may result in public access to your bucket
The remaining default settings are fine, click the orange "Create bucket" button on the bottom
3. Configure S3 bucket permissions
Your validator IAM user will need write permissions, and it should be publicly readable by relayers.
Navigate back to "Identity and Access Management (IAM)" in the AWS console
Under "IAM resources" you should see at least one "User", click into that
Click on the name of the user that you provisioned earlier (e.g.
hyperlane-validator-${chain_name}
)Copy the "User ARN" to your clipboard, it should look something like
arn:aws:iam::791444913613:user/hyperlane-validator-${chain_name}
Navigate back to "S3" in the AWS console
Click on the name of the bucket you just created
Just under the name of the bucket, click "Permissions"
Scroll down to "Bucket policy" and click "Edit"
Enter the following contents. The Bucket ARN is shown just above where you enter the policy
Last updated