Open Menu
AWS Marketplace

Getting Started

Preflight Checks

Before going any further please make sure you have at least one Route 53 Domain available. For instructions on how to create one please see Amazon Route 53.

WARNING please note that any S3 or EC2 resources created by Sextant will be billed to your account and are NOT included in your Sextant subscription.

Once you have set up Sextant successfully please review the Follow up actions.

Deploying Sextant

Provided that you have subscribed to Sextant on the AWS Marketplace and you are logged into your AWS account, the simplest way to deploy Sextant is to use this deployment template URL

Please note that this link defaults to the last region viewed in your AWS EC2 Console. However to switch to another region is straightforward as all you need to do is change the region in your console and the launch stack URL will be updated automatically.

Selecting a valid AWS Region

When choosing an AWS region to deploy Sextant please note that it can only be launched in an AWS region that supports AWS Fargate. See AWS Regional Services for details.

Configuring Sextant

The link above is a launch stack URL and you will be presented with a form like this:

Sextant launch form

The key fields are -

  1. Stack name
  2. InitialPassword
  3. SextantS3Bucket

Stack name is the name of the parent Fargate networking stack that will be created by AWS.

InitialPassword must be at least 8 characters long; contain at least two uppercase characters and at least three lowercase characters

WARNING you should make a note of this password as you will need it in order to login to Sextant as admin and complete the setup process

SextantS3Bucket should NOT refer to an existing S3 bucket in your AWS account unless this is one previously created by Sextant.

Once you've completed the form scroll down and check the box acknowledging that you understand that AWS CloudFormation might create IAM resources. Then click Create to initiate the creation of the Sextant Fargate stack.


Provided that there are no errors such as an incorrectly specified password you will then be redirected to the Stack Details page for your stack.

NOTE that it will take AWS approximately 5 minutes to launch Sextant

Create in Progress

You can view the Events log to see what AWS resources are being created on your behalf.

Events log

For example, if you open the S3 Management Console you will be able to see the new S3 Bucket created on your behalf.

S3 Management Console

WARNING this S3 bucket contains critical state information so should be treated as READ ONLY by you

Once the status of your stack is CREATE_COMPLETE expand the Outputs and you should see a key ExternalUrl.


Click on the corresponding link to open your Sextant instance and then login as admin using the InitialPassword you specified earlier.

Sextant login

Using Sextant

Once you've logged into Sextant you can in theory immediately start creating Kubernetes clusters and deploying Hyperledger Sawtooth networks on these clusters.

Creating users

However if you plan to use Sextant in a team setting we recommend that you first create end users by clicking top right and selecting Users from the dropdown menu.

Admin dropdown menu

Note that you can also click on Support if you need to contact us for any reason.

You can then create new users. Unless you want to grant them admin rights we recommend that you select normal when creating them.

Create user

As an admin you can see all users so to focus on the world as seen through the eyes of a normal user we will logout of our admin account.

List users

Creating Kubernetes Clusters

Having created new user appdev1 we now login using their credentials.

Normal dropdown menu

As you can see from this screenshot appdev1 has a more restricted set of options.

In order to deploy a Hyperledger Sawtooth network we first need to create a target cluster. To do this we click on the ADD + button which takes us to the following screen:

Kubernetes form

If there are no Route53 Domains in the dropdown please refer back to the Preflight Checks section above. Once you have created a Route53 Domain refresh this page.

The rest of the form should be self-explanatory. You need to select the AWS Region then your preferred availability zones if there are more AZs than the number of nodes specified.

Kubernetes AZs

If you opt to get Sextant to generate a key pair then you must save the private key that is created. The easiest way to do this is to copy it to the clipboard then save it to a new file on your machine e.g. by using vi in a terminal window and saving it to ~/.ssh/my-first-cluster.

Kubernetes keys

Having done this all that remains is to click on Create Cluster and put the kettle on as it will take 5-10 minutes to actually set up your Kubernetes cluster. If you return to the Clusters page you will see your cluster in the list. Once it is set up its status will change to created.

Kubernetes list

Exploring EC2

In this example we chose to deploy our cluster to eu-west-2 and if you go to the EC2 console in this region you can see a number of resources have been created by Sextant on your behalf.

EC2 Console

If you drill down on the 4 Running Instances you will see that these are the master and nodes m4.large instances specified when you created the cluster. Note that Sextant has used the Route53 domain we also specified when we created the cluster.

EC2 Console - Running Instances

WARNING as with S3 these resources should be treated as READ ONLY by you.

Deploying Sawtooth

Returning to your Sextant tab which should still be showing the list of Kubernetes clusters note that the two Actions available to you are delete or expand the cluster. Expanding the cluster takes you to the Sawtooth creation panel.

Sawtooth form

Note that you can download the Kubernetes configuration file for this cluster which is useful if you have kubectl installed on your machine.

export KUBECONFIG=~/downloads/my-first-cluster-kubeconfig
kubectl get all -o wide

If you do this then you should see output like this:

NAME                 TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE       SELECTOR
service/kubernetes   ClusterIP   <none>        443/TCP   14h       <none>

Switching back the the Sextant tab we will accept all the Sawtooth defaults with the exception of enabling the XO Transaction Processor in the list of additional TPs. We then click on Deploy Sawtooth.

Sawtooth form - XO

NOTE that strictly speaking Dev Mode should only be selected as the Consensus Algorithm if you are spinning up a single validator node.

After a few moments Sextant will start deploying Sawtooth on your cluster:

Sawtooth deploying

You can see the same thing if you switch to your terminal window:

NAME                        READY     STATUS            RESTARTS   AGE       IP            NODE                                          NOMINATED NODE
pod/sawtooth-monitoring-0   2/2       Running           0          1m   <none>
pod/sawtooth-validator-0    0/11      PodInitializing   0          1m   <none>
pod/sawtooth-validator-1    0/11      Init:0/1          0          1m     <none>
pod/sawtooth-validator-2    0/11      Init:0/1          0          1m   <none>

NAME                         TYPE           CLUSTER-IP       EXTERNAL-IP                                                               PORT(S)                                         AGE       SELECTOR
service/grafana              LoadBalancer    80:31379/TCP                                    1m        app=sawtooth-monitoring
service/influxdb             ClusterIP    <none>                                                                    8086/TCP                                        1m        app=sawtooth-monitoring
service/kubernetes           ClusterIP       <none>                                                                    443/TCP                                         14h       <none>
service/sawtooth-nodeport    NodePort   <none>                                                                    8080:30080/TCP,3030:30030/TCP,30800:30800/TCP   1m        app=sawtooth-validator
service/sawtooth-rest-api    LoadBalancer   8080:31986/TCP,3030:31070/TCP                   1m        app=sawtooth-validator
service/sawtooth-validator   ClusterIP      None             <none>                                                                    30800/TCP                                       1m        app=sawtooth-validator
service/sawtooth-xo-demo     LoadBalancer   80:32101/TCP                                    1m        app=sawtooth-validator

NAME                                   DESIRED   CURRENT   AGE       CONTAINERS                                                                                                                 IMAGES
statefulset.apps/sawtooth-monitoring   1         1         1m        sawtooth-stats-influxdb,sawtooth-stats-grafana                                                                             blockchaintp/sawtooth-stats-influxdb:1.0.5,blockchaintp/sawtooth-stats-grafana:1.0.5
statefulset.apps/sawtooth-validator    3         3         1m        sawtooth-validator,settings-tp,identity-tp,block-info-tp,intkey-tp,seth-tp,seth-rpc,xo-tp,xo-demo,rest-api,utility-shell   blockchaintp/sawtooth-validator:1.0.5,blockchaintp/sawtooth-settings-tp:1.0.5,blockchaintp/sawtooth-identity-tp:1.0.5,blockchaintp/sawtooth-block-info-tp:1.0.5,blockchaintp/sawtooth-intkey-tp-go:1.0.5,blockchaintp/sawtooth-seth-tp:1.0.5,blockchaintp/sawtooth-seth-rpc:1.0.5,blockchaintp/sawtooth-xo-tp-go:1.0.5,blockchaintp/xo-demo:master,blockchaintp/sawtooth-rest-api:1.0.5,blockchaintp/sawtooth-shell:master

Within a couple of minutes your Sawtooth network will be deployed on your cluster and you are ready to play tick-tack-toe.

Sawtooth deployed

If you return to the Clusters page you can now see that the status of your cluster is deployed.

Kubernetes list - deployed

Expanding your deployed cluster returns you to the details page where you will note that in addition to being able to download your kubernetes cluster config file or delete it you now have the option to Open Dashboard which takes you to the standard kubernetes dashboard (just Skip the dialog).

Kubernetes dashboard

Returning to the Sextant tab you now have the option to Open Monitoring or Undeploy Sawtooth. If you opt for the former this takes you to the Sawtooth Grafana login page. Use admin/admin and under Home select Sawtooth Performance dashboard.

Grafana dashboard

Returning to the Sextant tab try the Open XO Demo option.

XO dashboard

Look out for a video exploring tick-tack-toe on Sawtooth. In the meantime for more information on what is behind this demo checkout Introduction to the XO Transaction Family.

Follow up actions

If you are planning to use your Sextant instance on an ongoing basis then we recommend that you add an SSL certificate to the ELB you are using to connect to it by following the AWS instructions that detail how to Create a Listener for Your Application Load Balancer.

If you recall Sextant is launched in us-east-1 by default so if you open your EC2 Management Console you should be able to locate the load balancer.

EC2 Load Balancer - Add listener

Advanced topics

Custom transaction processors

You can customise your Sawtooth network by adding custom transaction processors

The key fields are -

  1. Name (alphanumeric)
  2. Image
  3. Command
  4. Arguments

Image is the location of the docker image for your transaction processor and Command is the command needed to launch it, if any, and optionally Arguments.

To try this out instead of enabling the XO transaction processor add the following custom transaction processor -

  1. Name: xo-tp
  2. Image: blockchaintp/sawtooth-xo-tp-go:1.0.5
  3. Command: "xo-tp-go -v --connect tcp://localhost:4004"

In order to run the interactive XO demo you should also add -

  1. Name: xo-demo
  2. Image: blockchaintp/xo-demo:master

Future enhancements

In the next release -

  1. You will be able to bring your own clusters (BYOC!) to the party
  2. You will be able to use Sextant to launch an EKS cluster