AWS Nitro Enclaves features

AWS Nitro Enclaves enables customers to create isolated compute environments to further protect and securely process highly sensitive data such as personally identifiable information (PII), healthcare, financial, and intellectual property data within their Amazon EC2 instances. Nitro Enclaves uses the same Nitro Hypervisor technology that provides CPU and memory isolation for EC2 instances.

Independent kernel

AWS Nitro Enclaves has its own kernel that is separated from the parent instance’s kernel. The kernel of your parent instance has no access to the enclave.

No interactive access

AWS Nitro Enclaves does not accept inbound connections based on IAM credentials or root privileges. Applications that process sensitive data are embedded in the enclave and run there.

Nitro Enclaves SDK

The Nitro Enclaves SDK is a set of open-source libraries for developing applications that can operate in an enclave. For more information, go to https://github.com/aws/aws-nitro-enclaves-sdk-c 

Built-in integration with other AWS services like AWS Key Management Service (KMS) and AWS Certificate Manager (ACM)

Nitro Enclaves is integrated with AWS KMS, allowing you to decrypt, inside the enclave, files that have been encrypted using KMS. AWS Certificate Manager (ACM) for Nitro Enclaves allows you to use public and private SSL/TLS certificates with your web applications and servers running on Amazon EC2 instances with AWS Nitro Enclaves.

Cryptographic Attestation

Cryptographic attestation is a process used to prove the identity of an enclave and verify that only authorized code is running in your enclave. The attestation process is accomplished through the Nitro Hypervisor, which produces a signed attestation document for the enclave to prove its identity to a third party or service. Attestation documents contain key details of the enclave such as the enclave's public key, hashes of the enclave image and applications, and more.
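The checks a relying party would apply to an attestation document before trusting the enclave's public key, as an added example that is not AWS code. It assumes the document's signature and certificate chain were already verified and the payload decoded into a dict using the documented field names (digest, timestamp, pcrs, public_key, nonce); the function name, the five-minute freshness window and all sample values are constructed for illustration.

```python
import hashlib
import hmac

PCR_LEN = 48  # PCR values are SHA-384 digests (48 bytes)


def check_attestation(doc, expected_pcrs, nonce, now_ms, max_age_ms=300_000):
    """Return a list of policy failures; an empty list means acceptable.

    Assumes `doc` is the decoded payload of an attestation document whose
    signature and certificate chain the caller has ALREADY verified.
    """
    failures = []
    if doc.get("digest") != "SHA384":
        failures.append("unexpected digest algorithm")
    pcrs = doc.get("pcrs") or {}
    for index, expected in sorted(expected_pcrs.items()):
        actual = pcrs.get(index)
        if not isinstance(actual, bytes) or len(actual) != PCR_LEN:
            failures.append(f"PCR{index} missing or malformed")
        elif actual == bytes(PCR_LEN):
            # Enclaves launched in debug mode attest with all-zero PCRs.
            failures.append(f"PCR{index} is all zeros")
        elif not hmac.compare_digest(actual, expected):
            failures.append(f"PCR{index} mismatch")
    # Freshness: timestamp is milliseconds since the Unix epoch.
    age_ms = now_ms - doc.get("timestamp", 0)
    if not 0 <= age_ms <= max_age_ms:
        failures.append("timestamp outside freshness window")
    # Replay protection: the document must echo the verifier's nonce.
    if not hmac.compare_digest(doc.get("nonce") or b"", nonce):
        failures.append("nonce mismatch")
    if not doc.get("public_key"):
        failures.append("missing enclave public key")
    return failures


# Constructed sample data (not real measurements).
def _measure(label):
    return hashlib.sha384(label).digest()

NOW_MS = 1_700_000_000_000
NONCE = b"constructed-nonce-0001"
EXPECTED = {0: _measure(b"constructed enclave image")}  # PCR0: enclave image
GOOD_DOC = {"module_id": "constructed-module", "digest": "SHA384",
            "timestamp": NOW_MS - 2_000, "pcrs": dict(EXPECTED),
            "public_key": b"constructed-key", "nonce": NONCE}
DEBUG_DOC = dict(GOOD_DOC, pcrs={0: bytes(PCR_LEN)})
```

Only after these checks pass should a service encrypt a response to the `public_key` carried in the document.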
