Posted On: Oct 28, 2020

ACM for Nitro Enclaves is an enclave application that allows you to use public and private SSL/TLS certificates with your web applications and servers running on Amazon EC2 instances with AWS Nitro Enclaves. SSL/TLS certificates are used to secure network communications and establish the identity of websites over the Internet as well as resources on private networks. Nitro Enclaves is an EC2 capability that enables creation of isolated compute environments to protect and securely process highly sensitive data, such as SSL/TLS private keys.

ACM removes the time-consuming and error-prone manual process of purchasing, uploading, and renewing SSL/TLS certificates. ACM takes care of creating secure private keys, distributing the certificate and its private key to your enclave, and managing certificate renewals. With this release, ACM for Nitro Enclaves works with nginx running on your Amazon EC2 instance to install the certificate and seamlessly replace expiring certificates. We plan to support additional web servers over time. With Nitro Enclaves, the certificate's private key remains isolated in the enclave, preventing the instance from viewing the private key.  

Public SSL/TLS certificates that you provision through ACM for Nitro Enclaves are available at no additional cost. You pay only for the AWS resources that you create to run your application, such as EC2 instances. Private certificates are available at no additional cost per certificate when you use and pay for ACM Private CA.

ACM for Nitro Enclaves is available today in the AWS US East (N. Virginia, Ohio), US West (Oregon), Europe (Frankfurt, Ireland, London, Paris, Stockholm), Asia Pacific (Hong Kong, Mumbai, Singapore, Sydney, and Tokyo) and South America (Sao Paulo) regions, with more regions coming soon.

For more information on ACM for Nitro Enclaves and supported web servers, refer to the Nitro Enclaves User Guide. To learn more about ACM, see ACM User Guide.