AWS Nitro Enclaves

Create additional isolation to further protect highly sensitive data within EC2 instances

AWS Nitro Enclaves enables customers to create isolated compute environments to further protect and securely process highly sensitive data such as personally identifiable information (PII), healthcare, financial, and intellectual property data within their Amazon EC2 instances. Nitro Enclaves uses the same Nitro Hypervisor technology that provides CPU and memory isolation for EC2 instances.

Nitro Enclaves helps customers reduce the attack surface area for their most sensitive data processing applications. Enclaves offers an isolated, hardened, and highly constrained environment to host security-critical applications. Nitro Enclaves includes cryptographic attestation for your software, so that you can be sure that only authorized code is running, as well as integration with the AWS Key Management Service, so that only your enclaves can access sensitive material.

There are no additional charges for using AWS Nitro Enclaves other than the use of Amazon EC2 instances and any other AWS services that are used with Nitro Enclaves.

Introducing Nitro Enclaves
AWS Nitro Enclaves Overview


Additional isolation and security

Enclaves are fully isolated virtual machines, hardened, and highly constrained. They have no persistent storage, no interactive access, and no external networking. Communication between your instance and your enclave is done using a secure local channel. Even a root user or an admin user on the instance will not be able to access or SSH into the enclave.

Nitro Enclaves uses the proven isolation of the Nitro Hypervisor to further isolate the CPU and memory of the enclave from users, applications, and libraries on the parent instance. These features help isolate the enclave and your software, and significantly reduce the attack surface area.

Cryptographic attestation

Attestation allows you to verify the enclave’s identity and that only authorized code is running in your enclave. The attestation process is accomplished through the Nitro Hypervisor, which produces a signed attestation document for the enclave to prove its identity to another party or service. Attestation documents contain key details of the enclave such as the enclave's public key, hashes of the enclave image and applications, and more. Nitro Enclaves includes AWS KMS integration, where KMS is able to read and verify these attestation documents that is sent from the enclave.


Nitro Enclaves are flexible. You can create enclaves with varying combinations of CPU cores and memory. This ensures you have sufficient resources to run the same memory or compute intensive applications that you were already running on your existing EC2 instances. Nitro Enclaves are processor agnostic, and can be used across instances powered by different CPU vendors. They are also compatible with any programming language or framework. Furthermore, because many components of Nitro Enclaves are open sourced, customer can even inspect the code and validate it themselves.

How it works

Nitro Enclaves How it Works

Figure 1: Nitro Enclaves How It Works Process Flow

Figure 2: Nitro Enclaves uses the same Nitro Hypervisor technology that creates the CPU and memory isolation among EC2 instances, to create the isolation between an Enclave and an EC2 instance.

Figure 3: An enclave is created by partitioning the CPU and memory of an EC2 instance, called a parent instance. You can create enclaves with varying combinations of CPU cores and memory. Above is an example using m5.4xlarge split into a parent instance (14 vCPU, 32 GiB Memory) and Enclave (2 vCPU, 32 GiB Memory). Communication between the parent instance and the enclave is done via a secure local connection called vsock.

Use cases

Securing Private Keys

Customers can now isolate and use private keys (e.g. SSL/TLS) in an enclave, while preventing users, applications, and libraries on the parent instance from viewing those keys. Normally, these private keys are stored on the EC2 instance in plain text.

AWS Certificate Manager (ACM) for Nitro Enclaves is an enclave application that allows you to use public and private SSL/TLS certificates with your web applications and servers running on Amazon EC2 instances with AWS Nitro Enclaves.


Tokenization is a process that converts highly sensitive data such as credit card numbers or health care data into a token. With Nitro Enclaves, customers can run the application that does this conversion inside an enclave. Encrypted data can be sent to the enclave, where it is decrypted and then processed. The parent EC2 instance will not be able to view or access the sensitive data throughout this process.

Multi-party computation

Using the cryptographic attestation capability of Nitro Enclaves, customers can set up multi-party computation, where several parties can join and process highly sensitive data without having to disclose or share the actual data to each individual party. Multi-party computation can also be done within the same organization to establish separation of duties.

Customer stories

"ACINQ is one of the main developers and operators of the Lightning Network, an open, high-performance payment network based on Bitcoin. By running our payment nodes inside AWS Nitro Enclaves, we were able to achieve the high level of protection we need for the private keys that control our funds with nearly no code modifications. The ability to run complex, cryptographically attested applications inside AWS Nitro Enclaves is a game changer from a security point of view and enables us to implement extra security measures such as the use of hardware wallets to administer our systems. Using AWS Nitro Enclaves, we operate one of the most secure payment nodes on the network, and plan to move more services to AWS Nitro Enclaves to reduce the attack surface of our overall system."

Fabrice Drouin, Co-Founder and CTO, ACINQ

Anuja Security
“Anjuna innovated an enterprise-ready way to protect high-value assets leveraging AWS Nitro Enclaves. Now our customers can set up and manage isolated compute environments in EC2 to process and harden cloud workloads in minutes without recoding or refactoring applications. Anjuna Confidential Computing software, built on Nitro Enclaves, reduces the attack surface for confidential and sensitive data processing applications: personally identifiable information (PII), proprietary algorithms, multiparty computation (MPC) applications, databases, and key/secrets management. AWS Nitro Enclaves allows Anjuna’s software to better serve customers in highly regulated industries such as financial services, fintech, crypto, government, healthcare, and SaaS providers.”

Ayal Yogev, CEO and Co-founder, Anjuna Security
"Highly available and secure validator infrastructure is critical for sustainable cryptocurrency networks (such as the Chain). Specifically, one key aspect that needs to be secured and hardened is the signing of consensus protocol messages. Within our cloud infrastructure, AWS Nitro Enclaves and AWS KMS make it easy for and our external partners to scale, deploy and manage these signing processes. AWS Nitro Enclaves provide cost-effective hardening and isolation for secure key management.”

Tomas Tauber, Chain Lead,
"As a Password Manager, Dashlane is responsible for securing some of the most sensitive data for organizations. Using AWS Nitro Enclaves, our customers are able to cut their integration setup time in half, while ensuring the highest level of security. AWS Nitro Enclaves offer an innovative way to fully isolate the encryption keys, allowing organizations to be confident that their data is private and protected, and that no unauthorized parties, including Dashlane, can see or access keys."

Frederic Rivain, Chief Technology Officer, Dashlane 

"Protecting and processing highly sensitive information such as financial, healthcare, identity, and proprietary data is one of the main use cases for Evervault’s encryption infrastructure. At the core of Evervault is our Evervault Encryption Engine (E3), which performs all cryptographic operations and handles encryption keys for our customers. E3 is built on AWS Nitro Enclaves which provides an isolated, hardened, and highly constrained compute environment for processing sensitive data. Building E3 on Nitro Enclaves means that we can provide both security through cryptographic attestation, and a robust foundation for all other Evervault products and services. At no additional cost, Nitro Enclaves enable us to provide a highly secure, cost effective, and scalable service to our customers; a service that is capable of handling thousands of cryptographic operations per second.”

Shane Curran, Founder & CEO, Evervault

Footprint logo
"Footprint’s mission is to bring trust back to the internet, and our first priority is to make sure that we use the most sophisticated and robust vaulting architecture to store, encrypt, and process sensitive financial and personal data for our customers and their users. To accomplish this, we’ve architected and built Footprint’s core vaulting infrastructure on top of AWS Nitro Enclaves because of the world-class security it provides: the ability to run cryptographically signed and attested code in a CPU, memory, and network isolated environment to massively lower the attack surface area and provide our customers with a security foundation that far outpaces the normal approaches businesses use today.”

Alex Grinman Co-founder & CTO of Footprint

M10 Networks, Inc.
"M10 Networks, Inc develops and deploys their M10 Ledger Platform, a service for developing and distributing central bank digital currencies and tokenized regulated liabilities, on AWS. The Ledger Platform uses AWS Nitro Enclaves to perform signature verification and cryptographic re-signing of batches of transactions. Using AWS Nitro Enclaves on AWS latest M6i instances, M10 is able to deliver a performant and cost effective solution for the digital currency market.”

Sascha Wise, M10 Founding Engineer