AWS Nitro Enclaves FAQs

AWS Nitro Enclaves is an EC2 capability that allows you to create isolated execution environments within EC2 instances. Nitro Enclaves helps customers reduce the attack surface area for their most sensitive data processing applications. Nitro Enclaves offers an isolated, hardened, and highly constrained environment to host security-critical applications. This isolated execution environment, known as an enclave, allows you to protect your sensitive data when it is in use from applications, processes, or users that are external to the enclave.

Enclaves are separate virtual machines, hardened, and highly constrained. They have no persistent storage, no interactive access, and no external networking. Nitro Enclaves uses the Nitro Hypervisor to further isolate the CPU and memory of the enclave from users, applications, and libraries on the parent EC2 instance.

You should use Nitro Enclaves because it makes it easier to set up and manage isolated compute environments in EC2 to process your highly sensitive data. Nitro Enclaves allows you to create enclaves that are virtual machines attached to EC2 instances that come with no persistent storage, no interactive access, and no external networking. Communication between your instance and your enclave is done using a secure local channel.

You should use Nitro Enclaves when you are processing highly sensitive data and you want to isolate that processing from users, applications, and libraries that have access to your EC2 instances. With Nitro Enclaves, you can develop and run any processing workloads to cater to use cases like personally identifiable information (PII), healthcare data, private keys, proprietary code and algorithms, multi-party computation, and more.

The quickest way to get started with Nitro Enclaves is to go through the Hello Enclave getting started example.

Memory and CPU isolation prevents the users, applications, and libraries on the parent EC2 instance from directly accessing the memory and CPU cores of the enclave. The enclave runs as a separate virtual machine to the EC2 instance that is used to create it.

Nitro Enclaves utilizes proven CPU-based technology for execution isolation, combined with the unique design of the Nitro System and a root of trust based in AWS designed silicon.

The Nitro Hypervisor is designed by AWS to partition the physical resources of a server and, unlike other virtualization technology, does not implement general-purpose administrative capabilities that are not needed in our cloud infrastructure. Nitro Enclaves extends the isolation capabilities of the Nitro Hypervisor to further protect information that resides in the CPU and memory resources that are allocated to provision an enclave.

Nitro Enclaves is currently supported on the majority of Graviton, Intel, and AMD-based Amazon EC2 instance types built on the AWS Nitro System. Nitro Enclaves is not currently available on bare metal instances, burstable instance types (e.g. T3), and instances with only 1 CPU core.

Cryptographic attestation is a process used to prove the identity of an enclave and verify that only authorized code is running your enclave. The attestation process is accomplished through the Nitro Hypervisor, which produces a signed attestation document for the enclave to prove its identity to another party or service. Attestation documents contain details of the enclave such as the enclave's public key, hashes of the enclave image and applications, and more. Nitro Enclaves includes AWS KMS integration, where KMS is able to read and verify these attestation documents sent from the enclave before re-encrypting data to an enclave-specific private key

AWS Nitro Enclaves supports the ability to create more than one enclave per EC2 instance. Customers can create multiple enclaves that are attached to a single EC2 instance.

The multiple enclaves support is available in all AWS regions where Nitro Enclaves is available.

To learn more, visit the AWS Nitro Enclaves user guide.

There are no additional charges for using AWS Nitro Enclaves. You will be charged for the use of Amazon EC2 instances and any other AWS services that are used with Nitro Enclaves.

Enclave applications, like ACM for Nitro Enclaves , are complete end-to-end applications that you can use with Nitro Enclaves. Enclave applications contains the application (in .eif format) that runs in the enclave, and applications that run on the parent instance that are required to interact with the enclave. Enclave applications provide you with an easy way to get started with Nitro Enclaves without having to refactor existing applications to run in an isolated, hardened, and highly constrained environment.

Vsock is a type of socket interface that is defined by a context ID (CID) and port number. The context ID is parallel to an IP address in a TCP/IP connection. Vsock utilizes standard, well-defined POSIX Sockets APIs (e.g. connect, listen, accept) to communicate with an enclave. Applications can use these APIs to communicate natively over vsock or they can send HTTP requests over vsock through a proxy. The Nitro Enclaves SDK includes examples on how you can program your application to send HTTP requests to your enclave.

Attestation documents are signed by the AWS Nitro Attestation PKI, which includes a root certificate for the commercial AWS partitions. See documentation for more information and for the root certificates.

Yes, you can use your own key management service or another 3rd party. To do that, you will need to build an attestation process or service to be able to validate the signed attestation documents generated by your enclave.

ACM for Nitro Enclaves is an enclave application that allows you to use public and private SSL/TLS certificates from AWS Certificate Manager (ACM) with your web applications and servers running on Amazon EC2 instances with AWS Nitro Enclaves.

AWS Certificate Manager (ACM) for Nitro Enclaves allows you to use public and private SSL/TLS certificates with your web applications and servers running on Amazon EC2 instances with AWS Nitro Enclaves. SSL/TLS certificates are used to secure network communications and establish the identity of websites over the Internet as well as resources on private networks. Nitro Enclaves is an EC2 capability that enables creation of isolated compute environments to further protect and securely process highly sensitive data, such as SSL/TLS private keys.

ACM removes the time-consuming manual process of purchasing, uploading, and renewing SSL/TLS certificates. ACM takes care of creating secure private keys, distributing the certificate and its private key to your enclave, and managing certificate renewals. ACM for Nitro Enclaves is an enclave application that works with web applications and servers running on your Amazon EC2 instance to install the certificate and seamlessly replace expiring certificates. With Nitro Enclaves, the certificate's private key remains isolated in the enclave, preventing the instance from viewing the private key.

No, the ACM for Nitro Enclaves does not allow you or any users to view or export the private key of the certificate.

ACM for Nitro Enclaves is fully integrated and compatible with NGINX 1.18 and above.

ACM for Nitro Enclaves supports both public and private SSL/TLS certificates issued through ACM, as well as third-party certificates imported into ACM. ACM does not manage renewals for imported certificates. Customers are responsible for renewing the certificates they import into ACM.

There is no additional cost to using ACM for Nitro Enclaves. Public SSL/TLS certificates that you provision through ACM for Nitro Enclaves are available at no cost. You pay only for the AWS resources that you create to run your application, such as EC2 instances.

To get started, go to the ACM for Nitro Enclaves user guide.