Introduction

An AWS Nitro Enclave (https://aws.amazon.com/ec2/nitro/nitro-enclaves) is an isolated execution environment carved out of an EC2 instance: the parent instance, including its root user, cannot read the enclave's memory or run code on its CPUs. A Nitro Enclave has no attached peripherals such as a network interface or persistent storage. There is a single communication interface, a local vsock channel to the parent instance, on top of which developers must build their own protocol to pass data in and out of the enclave. While it provides a highly secure and isolated environment, an enclave demands significant engineering effort before an application can take advantage of it, and that work is not possible at all for closed source applications.
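To make the "build your own protocol over the single channel" point concrete, the following is an added example and not code from Anjuna or AWS: a minimal length-prefixed JSON framing layer of the kind an enclave application needs on top of vsock, with the enclave side refusing frames whose declared length exceeds a limit (the enclave must not trust lengths supplied by the host). The enclave CID and port are hypothetical; the parent instance's CID of 3 is the value documented by AWS. The demo runs the exchange over a local socketpair so it works offline; `connect_vsock` shows what the real transport call looks like on a Linux parent instance.

```python
"""Length-prefixed framing over the enclave's single channel.

Added example (not Anjuna or AWS code). The vsock CID/port values are
illustrative assumptions; socketpair() stands in for vsock so it runs offline.
"""
import json
import socket
import struct

PARENT_CID = 3           # documented by AWS: the parent instance is always CID 3
ENCLAVE_CID = 16         # hypothetical CID, assigned at enclave launch in practice
PORT = 5000              # hypothetical vsock port the enclave listens on

MAX_FRAME = 64 * 1024    # upper bound on a single frame; anything larger is rejected
HEADER = struct.Struct("!I")  # 4-byte big-endian payload length


def connect_vsock(cid: int = ENCLAVE_CID, port: int = PORT) -> socket.socket:
    """Open the real transport from the parent instance (Linux only, not used in demo())."""
    sock = socket.socket(socket.AF_VSOCK, socket.SOCK_STREAM)
    sock.connect((cid, port))
    return sock


def encode_frame(msg: dict) -> bytes:
    """Serialize a message as a 4-byte length header followed by compact JSON."""
    payload = json.dumps(msg, separators=(",", ":")).encode()
    if len(payload) > MAX_FRAME:
        raise ValueError("message too large to frame")
    return HEADER.pack(len(payload)) + payload


def recv_exact(sock: socket.socket, n: int) -> bytes:
    """Read exactly n bytes; stream sockets may return partial chunks."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the channel mid-frame")
        buf += chunk
    return bytes(buf)


def recv_frame(sock: socket.socket) -> dict:
    """Read one frame, validating the declared length before allocating for it."""
    (length,) = HEADER.unpack(recv_exact(sock, HEADER.size))
    if length > MAX_FRAME:
        raise ValueError(f"declared frame length {length} exceeds {MAX_FRAME}")
    return json.loads(recv_exact(sock, length))


def enclave_handle(request: dict) -> dict:
    """Stand-in for enclave-side logic: only explicitly allowed operations are served."""
    if request.get("op") == "sum":
        values = request.get("values", [])
        if not all(isinstance(v, (int, float)) for v in values):
            return {"ok": False, "error": "values must be numeric"}
        return {"ok": True, "result": sum(values)}
    return {"ok": False, "error": "unknown op"}


def roundtrip(parent: socket.socket, enclave: socket.socket) -> dict:
    """Parent sends a request, enclave answers, parent decodes the reply."""
    parent.sendall(encode_frame({"op": "sum", "values": [1, 2, 3]}))
    enclave.sendall(encode_frame(enclave_handle(recv_frame(enclave))))
    return recv_frame(parent)


def demo() -> dict:
    """Run the exchange over a local socketpair in place of vsock."""
    parent, enclave = socket.socketpair()
    try:
        return roundtrip(parent, enclave)
    finally:
        parent.close()
        enclave.close()


def rejects_oversized_header() -> bool:
    """A host claiming a 2 GiB frame must be refused before any payload is read."""
    parent, enclave = socket.socketpair()
    try:
        parent.sendall(HEADER.pack(2**31))
        try:
            recv_frame(enclave)
        except ValueError:
            return True
        return False
    finally:
        parent.close()
        enclave.close()


if __name__ == "__main__":
    print(demo())
    print("oversized frame rejected:", rejects_oversized_header())
```

Everything the enclave needs from the outside world (requests, secrets, responses) has to be multiplexed over this one channel, which is why the framing and the length check live on the enclave side rather than being left to the host.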

Anjuna augments the architecture provided by Amazon Nitro Enclaves and expands the range of applications that can be run in them. The Anjuna Nitro Runtime runs an existing application inside a Nitro Enclave without changes to the application, and gives it network communication, seamless key management and encryption. Anjuna's "lift-and-shift" approach eliminates the need to rework applications against ever-changing enclave SDKs: no application changes, recompilation, or operational changes are required.

Figure: With and Without

About this Document

This guide is structured as follows: