Introduction

An AWS Nitro Enclave (https://aws.amazon.com/ec2/nitro/nitro-enclaves) provides a way to run code in a secure enclave that prevents access to the memory and CPU of that code. An AWS Nitro Enclave is a restricted environment without any attached peripherals such as a network interface. There is a single communication interface on top of which developers can build a protocol to pass data in and out of the enclave. While providing a highly secure and isolated environment, an enclave demands investing significant engineering efforts to have an application take advantage of it. Moreover, this is not something that can be done for closed source applications.

Anjuna augments the architecture provided by AWS Nitro Enclaves and expands the number of applications that can be run in AWS Nitro Enclaves. The Anjuna Nitro Runtime enables running an application inside an AWS Nitro Enclave without changes to the application. It enables access to network communication, seamless key-management and encryption. Anjuna’s “lift-and-shift” approach eliminates the need to work with ever-changing applications and SDKs. No changes to applications, recompilation, or operations are required.

About this Document

This guide is structured as follows:

Getting the Anjuna Nitro Runtime explains how to obtain and set up the Anjuna Nitro Runtime.
First Steps guides you through running a few simple programs with the protection of a secure enclave.
Providing Secrets to the AWS Nitro Enclave explains how to create AWS Nitro Enclaves on AWS Nitro-based EC2 instances.
Persistent Storage explains the persistent storage options that the Anjuna Nitro Runtime supports and setting up an AWS Nitro Enclave with persistent storage.
Getting Started with the Anjuna Nitro Kubernetes toolset explains setting up and configuring a simple AWS EKS cluster.
The Command Reference is a reference to the command-line tools distributed with the Anjuna software.
The Configuration Reference explains the configuration options used to control the behavior of the Anjuna Nitro Runtime.

Document Conventions

This section describes typographical and other conventions used in this guide.

Text colored like this is a link to another document, either in this guide or elsewhere on the web.

Text in monospace type represents text that appears in a terminal or in the filesystem of a host. We use it to refer to the names of commands and of files used by the Anjuna Nitro Runtime and in examples.

A block of text in monospace type represents an interaction with a host’s shell in the terminal, or the text of a file.

This block of text is an example of monospace type used to illustrate the contents of a file.

Some code blocks are shortened to emphasize only the relevant configuration. A line with <snip>… indicates that some lines have been removed from the full configuration.

The following text illustrates the appearance of a command in a terminal shell. You can copy the text by hovering over it and clicking on the clipboard icon to the right.

$ ls -al

Text in <angle brackets> in examples stands for text to be replaced.

For example, in this text:

/home/<username>/.bashrc

replace <username> with an actual username.