Updating the KMS Policy to Authorize Nitro Enclaves
In the previous section, you built a Nitro Enclave that decrypts a secret encrypted with an AWS KMS Customer Master Key. In this section, you will update the policy associated with that Customer Master Key to authorize this Nitro Enclave to decrypt secrets ONLY IF it presents a valid Signed Attestation Document.
As a reminder, the Nitro Enclave measurements were shown in the previous section when you created the Enclave Image File. The output should look like this:
Start building the Enclave Image...
Enclave Image successfully created.
{
  "Measurements": {
    "HashAlgorithm": "Sha384 { ... }",
    "PCR0": "80cabd5643bccbc644bc299361b28d0fc095145733e4ef0552cf3491339d487fca325f1b497478bcf40d934051e79367",
    "PCR1": "a5b4408152040f6ec87941abc5788d63ba1e74be5714408a271c5081ede76bfdfed00b84d3f04d31e51b844d22f343b8",
    "PCR2": "fda83c68b97a328d07b7668897b34e5f705f2eec3035603fc65bbf1c93d9c240641220c8ffaa1d5d1a2e4dcc4831699e"
  }
}
When a Nitro Enclave started in DEBUG mode (i.e. with the --debug-mode command-line argument of the anjuna-nitro-cli run-enclave utility) produces a Signed Attestation Document, the PCR0 measurement is always set to "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" (96 zeros). This allows KMS administrators to write key policies that distinguish debug enclaves from production enclaves.
As a first step, you will verify that the Nitro Enclave (running in debug mode) can produce a Signed Attestation Document and submit it to AWS KMS. Once this succeeds, you will try with a production enclave.
In a typical deployment scenario, multiple measurements should be used, and debug enclaves should never be allowed to access secrets intended for production enclaves.
Find your Customer Master Key policy
In a browser, navigate to the KMS Web portal (make sure you select the correct AWS region):
Look for your Customer Master Key and select it to view its properties. On the "Policy" tab, click the "Edit" button to update the policy.
Add the following object to the JSON array Statement in the policy:
{
  "Sid": "Enable decrypt from enclave",
  "Effect": "Allow",
  "Principal": {
    "AWS": "arn:aws:iam::<ACCOUNT>:role/<IAM_ROLE>"
  },
  "Action": "kms:Decrypt",
  "Resource": "*",
  "Condition": {
    "StringEqualsIgnoreCase": {
      "kms:RecipientAttestation:ImageSha384": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
    }
  }
},
Make sure you update the following placeholders to match your environment:
- <ACCOUNT>: the ID of the AWS account that owns the IAM role
- <IAM_ROLE>: the name of the IAM role attached to the EC2 instance that runs the enclave
This policy tells AWS KMS that an enclave presenting a Signed Attestation Document with the following properties is allowed to use the Customer Master Key to decrypt data:
- the enclave is running on an EC2 instance associated with the specified IAM Role,
- the enclave PCR0 measurement (carried in the Signed Attestation Document) matches the specified value.
After changing the Customer Master Key policy, AWS KMS will automatically grant permission to the specified enclave to decrypt data using that KMS key.
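The statement above pins only PCR0, and with the debug value at that. The following helper, added here as an illustration and not part of the original tutorial or the Anjuna tooling, builds a statement from the Measurements block printed by the build step, pins PCR0, PCR1 and PCR2 together (KMS exposes each as kms:RecipientAttestation:PCR<n>), and refuses the all-zero debug PCR0 unless explicitly allowed. The account ID and role name are constructed placeholders.

```python
import json
import re

DEBUG_PCR0 = "0" * 96          # PCR0 reported by enclaves started with --debug-mode
_SHA384_HEX = re.compile(r"^[0-9a-f]{96}$")

# Constructed sample: the Measurements block from this page's build output.
SAMPLE_MEASUREMENTS = {
    "PCR0": "80cabd5643bccbc644bc299361b28d0fc095145733e4ef0552cf3491339d487fca325f1b497478bcf40d934051e79367",
    "PCR1": "a5b4408152040f6ec87941abc5788d63ba1e74be5714408a271c5081ede76bfdfed00b84d3f04d31e51b844d22f343b8",
    "PCR2": "fda83c68b97a328d07b7668897b34e5f705f2eec3035603fc65bbf1c93d9c240641220c8ffaa1d5d1a2e4dcc4831699e",
}


def make_enclave_decrypt_statement(account_id, iam_role, measurements, allow_debug=False):
    """Build one key-policy Statement that lets a specific enclave image call kms:Decrypt.

    Every PCR in `measurements` becomes a condition, so the attestation document must
    match the whole image, not just PCR0. A debug-mode PCR0 is rejected by default.
    """
    conditions = {}
    for pcr in ("PCR0", "PCR1", "PCR2"):
        value = measurements[pcr].lower()
        if not _SHA384_HEX.match(value):
            raise ValueError(f"{pcr} is not a 96-hex-character SHA-384 value")
        conditions[f"kms:RecipientAttestation:{pcr}"] = value
    if conditions["kms:RecipientAttestation:PCR0"] == DEBUG_PCR0 and not allow_debug:
        raise ValueError("PCR0 is the debug-mode value; refusing to authorize a debug enclave")
    return {
        "Sid": "Enable decrypt from enclave",
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{account_id}:role/{iam_role}"},
        "Action": "kms:Decrypt",
        "Resource": "*",
        "Condition": {"StringEqualsIgnoreCase": conditions},
    }


def add_statement(policy_json, statement):
    """Return the key policy (JSON text) with `statement` added, replacing any same-Sid entry."""
    policy = json.loads(policy_json)
    stmts = policy.get("Statement", [])
    if isinstance(stmts, dict):          # a single statement may be written without the array
        stmts = [stmts]
    stmts = [s for s in stmts if s.get("Sid") != statement["Sid"]]
    stmts.append(statement)
    policy["Statement"] = stmts
    return json.dumps(policy, indent=2)
```

Feed the returned JSON to the "Edit" dialog on the key's Policy tab; the same statement with allow_debug=True reproduces the debug-only step from this page.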
You are now ready to run the Nitro Enclave and verify that it can decrypt the secret using AWS KMS.