AWS Confidential Computing

Data isolation

Protecting data in use

AWS confidential computing is always on. There is no mechanism for any AWS operator to access customers' Amazon Elastic Compute Cloud (Amazon EC2) instances within the AWS Nitro System.

Benefits

Confidential computing capabilities

Supporting the most demanding use cases

Nitro System

Provides confidentiality and isolation from AWS operators.

Nitro Enclaves

Allows customers to create isolated compute environments to protect highly sensitive data from their own users and applications.

NitroTPM

Allows customers to attest to the integrity of their instances by providing cryptographic proof.

Memory encryption

Starting with AWS Graviton2, AMD EPYC (Milan), and Intel Xeon Scalable (Ice Lake) processors, instance memory is always encrypted. Instances that are enabled with AMD SEV-SNP use an instance-specific key for their memory encryption.

Use cases

Secure sensitive data