Introduction
An AWS Nitro Enclave (https://aws.amazon.com/ec2/nitro/nitro-enclaves) provides a way to run code in a secure enclave that prevents access to the memory and CPU used by that code. A Nitro Enclave is a restricted environment without any attached peripherals such as a network interface. There is a single communication interface on top of which developers can build a protocol to pass data in and out of the enclave. While an enclave provides a highly secure and isolated environment, adapting an application to take advantage of it demands significant engineering effort. Moreover, this cannot be done for closed-source applications.
Anjuna augments the architecture provided by Amazon Nitro Enclaves and expands the number of applications that can be run in Nitro Enclaves. The Anjuna Nitro Runtime enables running an application inside a Nitro Enclave without changes to the application. It enables access to network communication, seamless key management, and encryption. Anjuna’s “lift-and-shift” approach eliminates the need to work with ever-changing applications and SDKs. No changes to applications, recompilation, or operations are required.
About this Document
This guide is structured as follows:
- Getting the Anjuna Nitro Runtime explains how to obtain and set up the Anjuna Nitro Runtime.
- First Steps guides you through running a few simple programs with the protection of a secure enclave.
- Providing Secrets to the Nitro Enclave explains how to create Nitro Enclaves on Nitro-capable EC2 instances.
- Getting started with the Anjuna Nitro Kubernetes tools explains setting up and configuring a simple AWS EKS cluster.
- The Command Reference is a reference to the command-line tools distributed with the Anjuna software.
- The Configuration Reference explains the configuration options used to control the behavior of the Anjuna Nitro Runtime.