Updating the KMS policy to authorize AWS Nitro Enclaves
In the previous section, you built an AWS Nitro Enclave that can decrypt a secret that was encrypted by the AWS KMS key. In this section, you will update the policy associated with that AWS KMS key to authorize this AWS Nitro Enclave to decrypt secrets ONLY IF it presents a valid attestation report.
As a reminder, the AWS Nitro Enclave measurements were shown in the previous section when you created the Enclave Image File. The output should look like this:
Start building the Enclave Image...
Enclave Image successfully created.
{
  "Measurements": {
    "HashAlgorithm": "Sha384 { ... }",
    "PCR0": "80cabd5643bccbc644bc299361b28d0fc095145733e4ef0552cf3491339d487fca325f1b497478bcf40d934051e79367",
    "PCR1": "a5b4408152040f6ec87941abc5788d63ba1e74be5714408a271c5081ede76bfdfed00b84d3f04d31e51b844d22f343b8",
    "PCR2": "fda83c68b97a328d07b7668897b34e5f705f2eec3035603fc65bbf1c93d9c240641220c8ffaa1d5d1a2e4dcc4831699e"
  }
}
When an AWS Nitro Enclave started in DEBUG mode produces a signed attestation report, all PCR measurements other than PCR3 (IAM Role) and PCR4 (EC2 Instance ID) are always set to “000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000” (96 zeros, the length of a SHA-384 digest). This allows KMS administrators to write key policies that distinguish debug enclaves from production enclaves.
As a first step, you will verify that the AWS Nitro Enclave (running in debug mode) can produce an attestation report and submit it to AWS KMS. Once this succeeds, you will try with a production enclave.
In a typical deployment scenario, multiple measurements should be used, and debug enclaves should never be allowed to access secrets intended for production enclaves.
Find your AWS KMS key policy
In a browser, navigate to the AWS Console for KMS. Select the AWS region for your KMS key.
Look for your AWS KMS key and select it to view its properties. On the “Policy” tab, click on the “Edit” button to update the policy.
Add the following object to the JSON array Statement in the policy:
{
  "Sid": "Enable decrypt from enclave",
  "Effect": "Allow",
  "Principal": {
    "AWS": "arn:aws:iam::<ACCOUNT>:role/<IAM_ROLE>"
  },
  "Action": "kms:Decrypt",
  "Resource": "*",
  "Condition": {
    "StringEqualsIgnoreCase": {
      "kms:RecipientAttestation:PCR0": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
    }
  }
},
Make sure you update the following values to match your environment: <ACCOUNT> (your AWS account ID), <IAM_ROLE> (the IAM role attached to the EC2 instance that runs the enclave), and the kms:RecipientAttestation:PCR0 value (the all-zero value above is only valid for a debug enclave; a production enclave must use the PCR0 shown when its Enclave Image File was built).
This policy tells AWS KMS that an enclave that presents an attestation report matching the following properties should be allowed to use the AWS KMS key to decrypt data:
- the enclave is running on an EC2 instance associated with the specified IAM Role,
- the enclave PCR0 measurement (provided in the attestation report) matches the specified value.
Updating the KMS policy using anjuna-nitro-kms-policy
Anjuna provides a tool to easily manage specific enclave values in existing KMS policies. See the anjuna-nitro-kms-policy tool in the Command reference section to view, add, update, and delete attestation values on a policy.
The anjuna-nitro-kms-policy tool manages KMS key policies directly. If you allow the use of IAM policies to manage access to the KMS key, then any IAM administrator in the AWS account can write an IAM policy that bypasses key policy permissions, including the RecipientAttestation Condition for AWS Nitro.
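The following added example (not the anjuna-nitro-kms-policy tool and not AWS code) shows in Python what the policy edit described above does and what the warning about IAM policies means. It builds the "Enable decrypt from enclave" statement from a role ARN and a set of PCR values, refuses to pin the all-zero debug measurement unless explicitly asked, merges the statement into an existing key policy by Sid, approximates the StringEqualsIgnoreCase evaluation KMS performs against the PCRs in an attestation report, and lists any statement that delegates the whole key to the account root (the statement through which IAM policies can bypass the attestation condition). The sample key policy, account ID, role name and PCR values are constructed placeholders; the real policy would be written back with boto3's put_key_policy, which is left as a comment.

```python
"""Build, merge and audit a KMS key policy statement for a Nitro Enclave.

Added example, not the anjuna-nitro-kms-policy tool or AWS code.
All account IDs, role names and PCR digests below are constructed placeholders.
"""
import copy
import json

DEBUG_PCR = "0" * 96  # PCR0/1/2 of a debug-mode enclave: 96 zeros (SHA-384 length)
ENCLAVE_SID = "Enable decrypt from enclave"
HEX = set("0123456789abcdefABCDEF")

# Constructed sample key policy, shaped like the AWS default: one statement that
# delegates every kms:* action to the account root (and therefore to IAM policies).
SAMPLE_KEY_POLICY = {
    "Version": "2012-10-17",
    "Id": "key-default-1",
    "Statement": [
        {
            "Sid": "Enable IAM User Permissions",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
            "Action": "kms:*",
            "Resource": "*",
        }
    ],
}


def build_enclave_statement(role_arn, pcrs, allow_debug=False):
    """Return the Allow statement for kms:Decrypt gated on attestation PCR values.

    pcrs maps a PCR index (int) to its hex digest, e.g. {0: "f666...", 1: "a5b4..."}.
    A production statement must never pin the all-zero debug measurement.
    """
    if not pcrs:
        raise ValueError("at least one PCR measurement is required")
    for idx, digest in pcrs.items():
        if len(digest) != 96 or any(c not in HEX for c in digest):
            raise ValueError(f"PCR{idx} is not a 96-hex-character SHA-384 digest")
        if digest == DEBUG_PCR and not allow_debug:
            raise ValueError(f"PCR{idx} is the debug-mode value; refusing for production")
    condition = {f"kms:RecipientAttestation:PCR{idx}": digest.lower()
                 for idx, digest in sorted(pcrs.items())}
    return {
        "Sid": ENCLAVE_SID,
        "Effect": "Allow",
        "Principal": {"AWS": role_arn},
        "Action": "kms:Decrypt",
        "Resource": "*",
        "Condition": {"StringEqualsIgnoreCase": condition},
    }


def merge_statement(policy, statement):
    """Return a copy of the policy with the statement added, replacing any statement with the same Sid."""
    new_policy = copy.deepcopy(policy)
    kept = [s for s in new_policy["Statement"] if s.get("Sid") != statement["Sid"]]
    kept.append(statement)
    new_policy["Statement"] = kept
    return new_policy


def attestation_matches(statement, role_arn, reported_pcrs):
    """Local approximation of how KMS evaluates the statement against an attestation report.

    reported_pcrs maps PCR index to the hex digest carried in the report. Every PCR
    named in the condition must be present and equal (case-insensitively); PCRs the
    condition does not name are ignored, which is why pinning several PCRs is safer.
    """
    if statement["Principal"].get("AWS") != role_arn:
        return False
    cond = statement.get("Condition", {}).get("StringEqualsIgnoreCase", {})
    for key, expected in cond.items():
        idx = int(key.rsplit("PCR", 1)[1])
        reported = reported_pcrs.get(idx)
        if reported is None or reported.lower() != expected.lower():
            return False
    return True


def root_delegation_statements(policy):
    """Return the Sids of Allow statements that hand kms:* or kms:Decrypt to an account root
    without any Condition. Through such a statement an IAM policy can grant Decrypt
    with no attestation requirement at all."""
    found = []
    for s in policy["Statement"]:
        principal = s.get("Principal")
        principal = principal.get("AWS", "") if isinstance(principal, dict) else ""
        principals = [principal] if isinstance(principal, str) else principal
        actions = s.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if (s.get("Effect") == "Allow" and "Condition" not in s
                and any(p.endswith(":root") for p in principals)
                and any(a in ("kms:*", "kms:Decrypt") for a in actions)):
            found.append(s.get("Sid"))
    return found


if __name__ == "__main__":
    role = "arn:aws:iam::111122223333:role/nitro_instance_role"  # placeholder
    prod_pcr0 = "f" * 96  # placeholder: use the PCR0 printed by your EIF build
    updated = merge_statement(SAMPLE_KEY_POLICY, build_enclave_statement(role, {0: prod_pcr0}))
    print(json.dumps(updated, indent=2))
    print("statements reachable by IAM policies:", root_delegation_statements(updated))
    # To apply for real: boto3.client("kms").put_key_policy(KeyId=..., PolicyName="default",
    #                                                        Policy=json.dumps(updated))
```

The audit function is the practical check behind the warning: if it returns a Sid, the attestation condition only constrains principals that rely on the key policy, and an IAM administrator can still grant kms:Decrypt on the key to any role through an IAM policy.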
View the current policy
The following is an example of the command to view the contents of the policy.
The --cmk flag takes the ARN of the AWS KMS key, either the key ARN or an alias ARN, as shown below:
$ anjuna-nitro-kms-policy show --cmk $KMS_KEY_ID
The output describes the current KMS key policy:
{
  "Sid": "Enable decrypt from enclave",
  "Effect": "Allow",
  "Principal": {
    "AWS": "arn:aws:iam::<ACCOUNT>:role/<IAM_ROLE>"
  },
  "Action": "kms:Decrypt",
  "Resource": "*"
},
Provide access to a specific enclave
The following is an example of the command to modify the policy in order to provide access to a specific enclave:
$ anjuna-nitro-kms-policy allow \
--cmk arn:aws:kms:us-east-2:0123456789012:key/ea12c491-430c-4e69-85b1-be987379aa6c \
--role arn:aws:iam::0123456789012:role/nitro_instance_role \
--pcr0 f666e2eb6a5d999181e0a6bdb00fa60ac11717b7272fe8d010b50666f84945daeb8c4716b05cf4ed59ecd167af54f78b
You will see the following output:
Policy updated
Once the AWS KMS key policy has been updated, AWS KMS allows the specified enclave (and only an enclave whose attestation report matches the policy) to decrypt data using that KMS key.
You are now ready to run the AWS Nitro Enclave and verify that it can decrypt the secret using AWS KMS.