Create an AWS Nitro-based instance

This page describes some simple steps to create an AWS Nitro-based EC2 instance using the AWS CLI tools.

While there are many ways to create AWS EC2 instances (AWS EC2 Console, Terraform, etc.), the steps described in this section do not rely on any tools other than the AWS CLI command-line tools. If you have a preferred tool, you can create an AWS Nitro-based EC2 instance using that tool instead of the steps on this page.

The Prerequisites section has more details on the Anjuna Nitro Runtime requirements.

Download the AWS CLI tools

Version 2 of the AWS CLI is required, because version 1 does not support all of the AWS Nitro features. Do not install the AWS CLI using apt, yum, or snap, which install v1. Instead, download and install the AWS CLI v2 installer binary with these commands:

$ curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
$ unzip awscliv2.zip
$ sudo ./aws/install

Install jq

This tutorial uses the jq command-line utility to parse JSON output. Install jq by following the instructions on the Download jq page.

Authenticate to AWS

Run the following command to authenticate to the AWS infrastructure:

$ aws configure

The command above prompts for the “Access key ID” and the “Secret access key” (which should have been provided when you signed up with AWS).

Then, set the default region for the AWS CLI with a Region Code like us-east-2:

$ export AWS_DEFAULT_REGION=<your-region>

Create SSH keypair for connecting to EC2 hosts

You should also have an SSH keypair to connect to AWS EC2 hosts that you create. You can skip this section if you already have one.

$ aws ec2 create-key-pair \
    --key-name <keyName> \
    --query 'KeyMaterial' \
    --output text > <keyName>.pem
$ chmod 600 <keyName>.pem

Make sure you have a keypair in the region where you will be creating the EC2 instance.

Create an AWS Nitro-based instance

Create a new AWS Nitro-based instance running the latest version of Amazon Linux 2023, using either the command line or the AWS Console.

Command line

The following command will create a new AWS Nitro-based instance, with the latest version of Amazon Linux 2023.

The m5.xlarge instance type in the command below is the smallest AWS Nitro-based instance type supported by the Anjuna Nitro Runtime. You will be able to run a single enclave with 2 vCPUs. For multiple enclaves, use an instance type like m5.2xlarge or larger, with at least 2 vCPUs for each enclave you plan to run.

The al2023-ami-kernel-default-x86_64 parameter name at the end of the --image-id value below resolves to the latest Amazon Linux 2023 AMI. To use Amazon Linux 2, use amzn2-ami-hvm-x86_64-gp2.

Replace the string <keyName> with your actual key name:

$ aws ec2 run-instances  \
  --image-id resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64  \
  --instance-type m5.xlarge  \
  --enclave-options Enabled=true \
  --key-name <keyName>

The JSON output will contain the InstanceId, which uniquely identifies the newly created EC2 instance.

AWS Console

Log into the AWS Console, and then visit the Launch an instance wizard.

The AWS Nitro Runtime supports Amazon Linux 2023. Select the “Amazon Linux 2023 AMI”.

Then, select the m5.xlarge instance type, or another instance type compatible with AWS Nitro Enclaves.

The m5.xlarge instance type is the smallest AWS Nitro-based instance type supported by the Anjuna Nitro Runtime. You will be able to run a single enclave with 2 vCPUs. For multiple enclaves, use an instance type like m5.2xlarge or larger, with at least 2 vCPUs for each enclave you plan to run.

Select a key pair to connect to the instance:

You can leave the default network and storage settings.

Finally, near the bottom of the “Advanced details” section, set Nitro Enclave to Enable:

Now, click the “Launch Instance” button to create the new instance.

Using the InstanceId, you can query AWS to retrieve attributes of this EC2 instance. Replace <your-instance> with the correct value:

$ aws ec2 describe-instances --instance-ids <your-instance> \
 | jq '.Reservations[].Instances[] | { id: .InstanceId, fqdn: .PublicDnsName, ip: .PublicIpAddress }'

The output should show the IP address (and public DNS name), which allows you to SSH into the instance using the SSH key created in the previous section. Replace <keyName> and <public-ip> with the correct values:

$ ssh -i <keyName>.pem ec2-user@<public-ip>

If everything worked, you should see the following output when connecting to this instance:

   ,     #_
   ~\_  ####_        Amazon Linux 2023
  ~~  \_#####\
  ~~     \###|
  ~~       \#/ ___   https://aws.amazon.com/linux/amazon-linux-2023
   ~~       V~' '->
    ~~~         /
      ~~._.   _/
         _/ _/
       _/m/'

Congratulations, you are connected to an AWS Nitro parent instance!
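
The command-line steps above as one script, added here as an example (it is not Anjuna's or AWS's own code): it launches the instance with the same run-instances options, waits until it is running, and prints the SSH command only if the instance reports EnclaveOptions.Enabled as true and has a public IP. The function names are hypothetical, and the script uses the AWS CLI's built-in --query option instead of jq.

```shell
#!/usr/bin/env bash
# Added example: launch a Nitro parent instance and verify it before use.
# Function names are hypothetical; the run-instances flags are the page's own.

AMI_PARAM='resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64'

# Launch the instance and print only its InstanceId.
launch_nitro_parent() {
  local key_name="$1" instance_type="${2:-m5.xlarge}"
  aws ec2 run-instances \
    --image-id "$AMI_PARAM" \
    --instance-type "$instance_type" \
    --enclave-options Enabled=true \
    --key-name "$key_name" \
    --query 'Instances[0].InstanceId' --output text
}

# Succeed only if the instance reports Nitro Enclaves as enabled.
enclaves_enabled() {
  local enabled
  enabled=$(aws ec2 describe-instances --instance-ids "$1" \
    --query 'Reservations[0].Instances[0].EnclaveOptions.Enabled' \
    --output text) || return 2
  case "$enabled" in
    [Tt]rue) return 0 ;;
    *) return 1 ;;
  esac
}

# Print the public IP, or fail if none was assigned ("None" in text output).
public_ip() {
  local ip
  ip=$(aws ec2 describe-instances --instance-ids "$1" \
    --query 'Reservations[0].Instances[0].PublicIpAddress' \
    --output text) || return 2
  [ -n "$ip" ] && [ "$ip" != "None" ] || return 1
  printf '%s\n' "$ip"
}

# Full flow: launch, wait until running, verify, print the SSH command.
create_and_verify() {
  local key_name="$1" id ip
  id=$(launch_nitro_parent "$key_name" "${2:-m5.xlarge}") || return 1
  aws ec2 wait instance-running --instance-ids "$id" || return 1
  enclaves_enabled "$id" || { echo "enclaves not enabled on $id" >&2; return 1; }
  ip=$(public_ip "$id") || { echo "no public IP on $id" >&2; return 1; }
  echo "ssh -i ${key_name}.pem ec2-user@${ip}"
}
```

Source the file and run `create_and_verify <keyName>`; pass a second argument such as m5.2xlarge to choose a larger instance type.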

Next steps

The remaining instructions in this section assume that you are logged in to this newly created EC2 instance.