Nitro Enclaves
Definition
Nitro Enclaves are a feature of Amazon Web Services (AWS) that lets a user carve an isolated, hardened virtual machine out of a running EC2 instance to process highly sensitive data. The Nitro Hypervisor dedicates some of the parent instance's CPU cores and memory to the enclave and isolates them from the parent, so the enclave's memory cannot be read even by users with root access to the parent instance. An enclave has no persistent storage, no external network interface and no interactive access; it communicates with its parent only over a local vsock channel. The hypervisor can also produce a signed attestation document carrying the enclave image's measurements (PCRs), which AWS KMS can check in key-policy conditions before releasing a key to code running inside the enclave. This makes Nitro Enclaves suitable for use cases such as secure data processing, cryptographic operations and confidential computing, provided the sensitive code actually runs inside the enclave rather than in the parent instance, and provided the keys it needs are bound to the enclave's measurement rather than to the instance role alone.
Secure Settings Example
{
    "EnclaveOptions": {
        "Enabled": true
    },
    "InstanceType": "c5.xlarge",
    "SecurityGroupIds": [
        "sg-0123456789abcdef0"
    ],
    "IamInstanceProfile": {
        "Arn": "arn:aws:iam::123456789012:instance-profile/EnclaveInstanceProfile"
    }
}
Insecure Settings Example
{
    "EnclaveOptions": {
        "Enabled": false
    },
    "InstanceType": "c5.xlarge",
    "SecurityGroupIds": [
        "sg-0123456789abcdef0"
    ],
    "IamInstanceProfile": {
        "Arn": "arn:aws:iam::123456789012:instance-profile/DefaultInstanceProfile"
    }
}
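With "Enabled": false the parent instance is not enabled for Nitro Enclaves, so no enclave can be launched from it and any "sensitive" processing runs in ordinary instance memory that root on the host can read. Setting it to true is only the first step: what protects the secrets is a KMS key policy that releases key material only to an enclave presenting the expected measurement. The following audit script is an added example written for this page, not AWS or nitro-cli code. It flags instances, described in the same shape as the two settings examples above, whose EnclaveOptions.Enabled is not true (a missing EnclaveOptions block counts as disabled), raises the severity when a host carries an assumed DataClassification=sensitive tag, and checks a constructed KMS key policy for Allow statements that release key material without a kms:RecipientAttestation:* condition. The instance IDs, ARNs, role names, tag convention and the measurement placeholder are all assumptions of the example.

```python
"""Audit Nitro Enclaves settings on EC2 instances and the KMS key policy
that an enclave's secrets depend on.

Added example for this page, not AWS code. Runs offline on constructed
JSON shaped like `aws ec2 describe-instances` output and a KMS key policy.
All IDs, ARNs and the DataClassification tag are assumptions.
"""

# Constructed describe-instances output (instance IDs are made up).
SAMPLE_DESCRIBE_INSTANCES = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0aaa0000000000001", "InstanceType": "c5.xlarge",
     "EnclaveOptions": {"Enabled": True},
     "Tags": [{"Key": "DataClassification", "Value": "sensitive"}]},
    {"InstanceId": "i-0aaa0000000000002", "InstanceType": "c5.xlarge",
     "EnclaveOptions": {"Enabled": False},
     "Tags": [{"Key": "DataClassification", "Value": "sensitive"}]},
    # EnclaveOptions absent: treated as disabled, like the insecure example.
    {"InstanceId": "i-0aaa0000000000003", "InstanceType": "c5.xlarge",
     "Tags": [{"Key": "DataClassification", "Value": "public"}]},
]}]}

# Assumed tagging convention marking hosts that process sensitive data.
SENSITIVE_TAG_KEY, SENSITIVE_TAG_VALUE = "DataClassification", "sensitive"


def enclave_enabled(instance):
    """True only when the instance was launched with EnclaveOptions.Enabled=true."""
    return instance.get("EnclaveOptions", {}).get("Enabled") is True


def enclave_findings(describe_output):
    """(InstanceId, severity, message) for each instance without enclave support."""
    findings = []
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            if enclave_enabled(inst):
                continue
            tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
            if tags.get(SENSITIVE_TAG_KEY) == SENSITIVE_TAG_VALUE:
                findings.append((inst["InstanceId"], "HIGH",
                                 "sensitive workload on a host with no enclave support"))
            else:
                findings.append((inst["InstanceId"], "INFO",
                                 "enclave support not enabled"))
    return findings


# Constructed KMS key policy. kms:RecipientAttestation:ImageSha384 (and
# kms:RecipientAttestation:PCR<n>) are real KMS condition keys; the value
# below is a placeholder, not a real enclave image measurement.
SAMPLE_KEY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "EnclaveDecryptOnly", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/EnclaveInstanceRole"},
     "Action": "kms:Decrypt", "Resource": "*",
     "Condition": {"StringEqualsIgnoreCase": {
         "kms:RecipientAttestation:ImageSha384": "<PCR0 of the enclave image>"}}},
    # Same decrypt right, but usable by any code on the parent instance.
    {"Sid": "InstanceDecryptAnywhere", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/DefaultInstanceRole"},
     "Action": ["kms:Decrypt", "kms:GenerateDataKey"], "Resource": "*"},
]}

# Actions that hand back plaintext or key material and so belong only to an enclave.
KEY_RELEASING_ACTIONS = {"kms:decrypt", "kms:generatedatakey",
                         "kms:generatedatakeypair", "kms:*", "*"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def statements_without_attestation(policy):
    """Sids of Allow statements that release key material with no attestation condition."""
    unbound = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if not actions & KEY_RELEASING_ACTIONS:
            continue
        # IAM condition keys are case-insensitive; match on the kms:RecipientAttestation: prefix.
        keys = {k.lower() for block in stmt.get("Condition", {}).values() for k in block}
        if not any(k.startswith("kms:recipientattestation:") for k in keys):
            unbound.append(stmt.get("Sid", "<no Sid>"))
    return unbound


if __name__ == "__main__":
    for finding in enclave_findings(SAMPLE_DESCRIBE_INSTANCES):
        print(*finding)
    print("key policy statements not bound to an enclave:",
          statements_without_attestation(SAMPLE_KEY_POLICY))
```

Against the constructed data the script reports the second instance as HIGH (sensitive host, enclaves disabled), the third as INFO (enclaves disabled but nothing sensitive tagged), and names the InstanceDecryptAnywhere statement, which lets the DefaultInstanceRole decrypt from anywhere on the parent instance and therefore makes the enclave pointless for that key. To run it against a real account, feed it the parsed output of aws ec2 describe-instances and aws kms get-key-policy instead of the samples.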