Setting Up the Nitro Host

For this section you must be logged in to a Nitro-capable EC2 host (see the previous section).

Installing necessary packages on the EC2 Nitro host

The Nitro host needs a few packages in order to build and run Nitro enclaves.

jq is included in the install command below because many example commands in this document pipe their JSON output through it. jq is a command-line tool that filters and pretty-prints JSON so that it is easier to read.

Run the following commands to install the required dependencies. They assume Amazon Linux 2 (amazon-linux-extras and yum); on other RHEL/CentOS-derived distributions the package names and the way the Nitro CLI is installed differ:

$ sudo amazon-linux-extras install aws-nitro-enclaves-cli
$ sudo yum install -y aws-nitro-enclaves-cli-devel jq openssl11-libs
$ sudo usermod -aG ne ec2-user
$ sudo usermod -aG docker ec2-user

# Give the ne group access to /dev/vsock
$ echo 'KERNEL=="vsock", MODE="660", GROUP="ne"' | sudo tee /etc/udev/rules.d/51-vsock.rules
$ sudo udevadm control --reload
$ sudo udevadm trigger

Group membership changes only take effect on a new login, so exit the SSH session and log in to the EC2 Nitro host again before continuing. This is only needed once, after the groups are first assigned. Bear in mind what these groups grant: ne gives access to /dev/nitro_enclaves (the device through which enclaves are created), and membership in the docker group is effectively root on the host, so assign them only to the account that will build and run enclaves.

Configure some of the Nitro components

The allocator's default configuration (/etc/nitro_enclaves/allocator.yaml) reserves 512 MiB of memory for enclaves, which caps the amount of memory an enclave can be launched with. To run larger enclaves, raise memory_mib. 4096 is a reasonable starting value, but choose a size that fits the applications you will run in enclaves and still leaves enough memory for the parent instance: the allocator takes this memory (as huge pages) away from the host for enclave use only. The same file's cpu_count setting (default 2) controls how many vCPUs are set aside for enclaves.

$ sudo sed -i 's/^memory_mib:.*/memory_mib: 4096/' /etc/nitro_enclaves/allocator.yaml

Restart/start the required services

Start the allocator and Docker, and enable them so they come up at boot. The allocator reads allocator.yaml only when it starts, so if it was already running before you edited the file, use systemctl restart instead of start:

$ sudo systemctl start nitro-enclaves-allocator.service
$ sudo systemctl enable nitro-enclaves-allocator.service
$ sudo systemctl start docker && sudo systemctl enable docker
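The whole procedure above, collected into shell functions that apply it idempotently and then verify the result. This is an added example, not part of the original page or of the Nitro Enclaves CLI; it assumes the same paths the page uses (/etc/nitro_enclaves/allocator.yaml, /etc/udev/rules.d/51-vsock.rules), GNU sed, and an Amazon Linux 2 host for the apply step. The function names are mine. The parsing and checking helpers take their inputs as arguments, so they can be tried against a throwaway copy of allocator.yaml or a string of group names without root; only apply_nitro_host_setup and verify_nitro_host touch the real host.

```shell
#!/bin/sh
# Added example: idempotent helpers for the Nitro host setup on this page. Not
# part of the page's own commands or of the Nitro Enclaves CLI. Assumes the same
# paths as the page (/etc/nitro_enclaves/allocator.yaml,
# /etc/udev/rules.d/51-vsock.rules) and GNU sed. Function names are mine.
set -eu

ALLOCATOR_YAML=/etc/nitro_enclaves/allocator.yaml
VSOCK_RULES=/etc/udev/rules.d/51-vsock.rules

# Print the memory_mib value from an allocator.yaml-style file (empty if absent).
allocator_memory_mib() {
    awk '/^memory_mib:/ { print $2 }' "$1"
}

# Print the cpu_count value from an allocator.yaml-style file (empty if absent).
allocator_cpu_count() {
    awk '/^cpu_count:/ { print $2 }' "$1"
}

# Rewrite memory_mib in place (the page's sed one-liner) only when it differs.
# Prints "changed" or "unchanged" so the caller knows whether the allocator
# service has to be restarted to pick the new value up.
set_allocator_memory_mib() {
    if [ "$(allocator_memory_mib "$1")" = "$2" ]; then
        echo unchanged
    else
        sed -i "s/^memory_mib:.*/memory_mib: $2/" "$1"
        echo changed
    fi
}

# missing_groups "<output of id -nG USER>" group... -> the listed groups USER
# lacks, space separated (empty when none are missing).
missing_groups() {
    have=" $1 "; shift
    missing=""
    for g in "$@"; do
        case "$have" in
            *" $g "*) ;;
            *) missing="${missing:+$missing }$g" ;;
        esac
    done
    printf '%s\n' "$missing"
}

# True when the udev rules file grants the ne group rw access to /dev/vsock.
vsock_rule_ok() {
    grep -qE '^KERNEL=="vsock",[[:space:]]*MODE="0?660",[[:space:]]*GROUP="ne"' "$1"
}

# Apply the page's steps for USER, reserving MEM MiB for enclaves (needs sudo).
apply_nitro_host_setup() {
    user="${1:-ec2-user}"; mem="${2:-4096}"
    sudo amazon-linux-extras install -y aws-nitro-enclaves-cli
    sudo yum install -y aws-nitro-enclaves-cli-devel jq openssl11-libs
    sudo usermod -aG ne,docker "$user"
    printf '%s\n' 'KERNEL=="vsock", MODE="660", GROUP="ne"' | sudo tee "$VSOCK_RULES" >/dev/null
    sudo udevadm control --reload && sudo udevadm trigger
    # The real file is root-owned, so decide here and let sudo do the edit.
    if [ "$(allocator_memory_mib "$ALLOCATOR_YAML")" != "$mem" ]; then
        sudo sed -i "s/^memory_mib:.*/memory_mib: $mem/" "$ALLOCATOR_YAML"
    fi
    sudo systemctl enable nitro-enclaves-allocator.service docker
    # restart, not start: the allocator reads allocator.yaml only at startup
    sudo systemctl restart nitro-enclaves-allocator.service
    sudo systemctl start docker
    echo "log out and back in so the new group membership takes effect"
}

# Check the host is ready for USER with at least MEM MiB; fail with a reason.
verify_nitro_host() {
    user="${1:-$(id -un)}"; mem="${2:-4096}"
    [ -c /dev/nitro_enclaves ] || { echo "no /dev/nitro_enclaves: enclave support is not enabled on this instance"; return 1; }
    missing=$(missing_groups "$(id -nG "$user")" ne docker)
    [ -z "$missing" ] || { echo "$user is missing groups: $missing (log in again after usermod)"; return 1; }
    vsock_rule_ok "$VSOCK_RULES" || { echo "$VSOCK_RULES does not grant ne access to /dev/vsock"; return 1; }
    [ "$(allocator_memory_mib "$ALLOCATOR_YAML")" -ge "$mem" ] || { echo "memory_mib is below $mem in $ALLOCATOR_YAML"; return 1; }
    systemctl is-active --quiet nitro-enclaves-allocator.service || { echo "allocator service is not running"; return 1; }
    systemctl is-active --quiet docker || { echo "docker is not running"; return 1; }
    # describe-enclaves talks to /dev/nitro_enclaves, so this also proves device access
    nitro-cli describe-enclaves | jq -e 'type == "array"' >/dev/null || { echo "nitro-cli cannot query the enclave device"; return 1; }
    echo "host ready: $(allocator_cpu_count "$ALLOCATOR_YAML") vCPUs and $(allocator_memory_mib "$ALLOCATOR_YAML") MiB reserved for enclaves"
}
```

Source the file and run apply_nitro_host_setup ec2-user 4096 once, log out and back in, then run verify_nitro_host ec2-user 4096; each check prints why it failed, which is quicker than reading nitro-cli's error on the first run-enclave attempt.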