Introduction
An AWS Nitro Enclave allows you to run code in a secure enclave with no external access to the enclave’s memory and CPU. The secure enclave can produce cryptographic evidence that a particular piece of code is running, and it defends that code from sophisticated cyberattacks.
While an AWS Nitro Enclave provides a highly secure and isolated environment, it also comes with restrictions. For example, instead of a network interface with connection to the Internet, there is only a single socket between an AWS Nitro Enclave and another virtual machine instance. Developers must design a protocol to pass data in and out of the enclave and update their applications to use it for network traffic and persistent filesystem access. This can require significant engineering effort or even be impossible for closed-source applications.
The Anjuna Seaglass Platform augments the architecture provided by AWS Nitro Enclaves and expands the number of applications that can be run in AWS Nitro Enclaves. The Anjuna Nitro Runtime enables running an application inside an AWS Nitro Enclave without changes to the application. It provides seamless access to network communication, encryption, and key management. Anjuna’s “lift-and-shift” approach eliminates the need to work with ever-changing applications and SDKs. No changes to applications, recompilation, or operations are required.
About this document
This guide is structured as follows:
-
Architecture introduces the architecture of the Anjuna Nitro Runtime and explains how it will improve your experience running applications in AWS Nitro Enclaves.
-
Getting the Anjuna Nitro Runtime explains how to obtain and set up the Anjuna Nitro Runtime.
-
First steps guides you through running a few simple programs with the protection of a secure enclave.
-
Providing secrets to the AWS Nitro Enclave explains how to create AWS Nitro Enclaves on AWS Nitro-based EC2 instances.
-
Persistent storage explains the persistent storage options that the Anjuna Nitro Runtime supports and setting up an AWS Nitro Enclave with persistent storage.
-
Getting started with the Anjuna Nitro Kubernetes Toolset explains setting up and configuring a simple AWS EKS cluster.
-
Best practices contains best practices when working with AWS Nitro Enclaves and the Anjuna Nitro Runtime, including performance guidelines.
-
The Command reference is a reference to the command-line tools distributed with the Anjuna software.
-
The Configuration reference explains the configuration options used to control the behavior of the Anjuna Nitro Runtime.
-
Troubleshooting addresses possible warnings or errors you might encounter while using the Anjuna tools, including potential solutions.
Document conventions
This section describes typographical and other conventions used in this guide.
Text colored like this is a link to another document, either in this guide or elsewhere on the web.
Text in monospace type
represents text that appears in a terminal or in the filesystem of a host.
Commands and files used by the Anjuna Nitro Runtime and example code are shown in monospace type
.
A block of text in monospace type represents an interaction with a host’s shell in the terminal, or the text of a file.
This block of text is an example of monospace type used to illustrate the contents of a file.
Some code blocks are shortened to emphasize only the relevant configuration.
A line with <snip>…
indicates that some lines have been removed from the full configuration.
The following text illustrates the appearance of a command in a terminal shell. You can copy the text by hovering over it and clicking on the clipboard icon to the right.
$ ls -al
Text in <angle brackets>
in examples stands for text to be replaced.
For example, in this text:
/home/<username>/.bashrc
replace <username>
with an actual username.