Create an AWS Nitro-based instance

This page describes some simple steps to create an AWS Nitro-based EC2 instance using the AWS CLI tools.

While there are many ways to create AWS EC2 instances (AWS EC2 Console, Terraform, etc.), the steps described in this section are simple and do not rely on any other tools than the AWS CLI command-line tools. You can skip this section if you have a preferred deployment tool.

The Prerequisites section has more details on the Anjuna Nitro Runtime requirements.

Download the AWS CLI tools

Version 2 of the AWS CLI is required, because version 1 does not support the Nitro Enclaves options used below (for example, --enclave-options on run-instances). Do not install the AWS CLI from a distribution package manager (apt, yum, snap), which may install v1 or an outdated build. Instead, download and install the AWS CLI v2 installer binary with these commands. AWS publishes a GPG signature for the installer (the .sig file next to the zip); verify it before running the installer, and afterwards confirm that aws --version reports aws-cli/2.x:

$ curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
$ unzip awscliv2.zip
$ sudo ./aws/install

Install jq

This tutorial uses the jq command-line utility to parse JSON output from the AWS CLI. Install jq from your distribution's package manager or by following the instructions on the jq download page: Download jq

Authenticate to AWS

Run the following command to authenticate the AWS CLI to your AWS account:

$ aws configure

The command above prompts for an Access key ID and a Secret access key, and then for a default region and output format. Use the access keys of an IAM user (or temporary credentials obtained through an IAM role) that has only the EC2 permissions this tutorial needs; do not use the AWS account's root credentials for day-to-day work like this.

Then, set the default region for the AWS CLI with a Region Code like us-east-2. This overrides the region entered in aws configure; EC2 instances and key pairs are regional resources, so all of the following commands must run against the same region:

$ export AWS_DEFAULT_REGION=<your-region>

Create SSH key-pair for connecting to EC2 hosts

You should also have an SSH key pair to connect to the AWS EC2 hosts that you create. You can skip this section if you already have one in the region where you will be creating the EC2 instance.

$ aws ec2 create-key-pair \
    --key-name <keyName> \
    --query 'KeyMaterial' \
    --output text > <keyName>.pem
$ chmod 600 <keyName>.pem

The private key material is returned only once, at creation time; AWS keeps only the public half, so store the .pem file safely. Set the file permissions as shown, otherwise ssh will refuse to use the key. Key pairs are regional: make sure you have a key pair in the region where you will be creating the EC2 instance.

Create an AWS Nitro-based instance

You can create a new AWS Nitro-based instance running the latest version of Amazon Linux 2 either from the command line or from the AWS Console; both paths are described below.

Command line

The following command creates a new AWS Nitro-based instance with the latest version of Amazon Linux 2.

The m5.xlarge instance type in the command below is the smallest AWS Nitro-based instance type supported by the Anjuna Nitro Runtime. Its 4 vCPUs let you run a single enclave with 2 vCPUs while the parent instance keeps the other 2. For multiple enclaves, use an instance type like m5.2xlarge or larger, budgeting at least 2 vCPUs for each enclave you plan to run in addition to the 2 the parent instance keeps.

Replace the string <keyName> with your actual key name:

$ aws ec2 run-instances  \
  --image-id resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2  \
  --instance-type m5.xlarge  \
  --enclave-options Enabled=true \
  --key-name <keyName>

The --enclave-options Enabled=true flag is what makes this an AWS Nitro Enclaves parent instance. The JSON output will contain the InstanceId, which uniquely identifies the newly created EC2 instance.

Note that the command launches the instance into your default VPC with the default security group, which does not allow inbound SSH from the internet. To be able to connect, pass --security-group-ids with a security group that allows TCP port 22 from your own IP address only (not from 0.0.0.0/0), or add such a rule to the default group.
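The command-line path above (CLI version check, key pair, launch, verification) as one script, added here as an example that is not part of the Anjuna documentation. It assumes AWS CLI v2 is already configured with a default region, and takes a key name and a security group ID that allows SSH only from your own address; the function names (is_cli_v2, vcpus_needed, enclave_enabled, create_key, launch_parent) are my own. It goes beyond the page's single command in that it waits for the instance to run and confirms from describe-instances that the enclave option was actually applied before printing the SSH command.

```bash
#!/usr/bin/env bash
# Added example (not from the Anjuna documentation): the command-line
# procedure on this page as one script, plus the checks a practitioner
# would add. Assumes: AWS CLI v2 configured (aws configure) and
# AWS_DEFAULT_REGION set; the security group passed to launch_parent
# allows TCP/22 from your own IP address only.
set -eu

AMI_ALIAS='resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2'

# True when an "aws --version" banner comes from AWS CLI v2 (v1 lacks
# --enclave-options). Usage: is_cli_v2 "$(aws --version 2>&1)"
is_cli_v2() {
  case "$1" in
    aws-cli/2.*) return 0 ;;
    *) return 1 ;;
  esac
}

# vCPUs a parent instance needs for N enclaves: 2 per enclave plus the 2
# the parent must keep for itself (so m5.xlarge's 4 vCPUs fit one enclave).
vcpus_needed() {
  echo $(( 2 * $1 + 2 ))
}

# Reads describe-instances JSON on stdin; succeeds only if Nitro Enclaves is
# enabled on the instance. Whitespace is stripped first so the match does
# not depend on the CLI's pretty-printing.
enclave_enabled() {
  tr -d ' \n\t' | grep -q '"EnclaveOptions":{"Enabled":true}'
}

# Creates the key pair and writes the private key with mode 0600 from the
# start (umask in a subshell), instead of chmod after the file already
# existed world-readable for a moment.
create_key() {
  key_name="$1"
  ( umask 077
    aws ec2 create-key-pair --key-name "$key_name" \
        --query 'KeyMaterial' --output text > "$key_name.pem" )
}

# Launches the enclave-enabled parent, waits for it to run, verifies the
# enclave option actually took effect, and prints the SSH command.
launch_parent() {
  key_name="$1"; sg_id="$2"; instance_type="${3:-m5.xlarge}"
  id=$(aws ec2 run-instances \
        --image-id "$AMI_ALIAS" \
        --instance-type "$instance_type" \
        --enclave-options Enabled=true \
        --key-name "$key_name" \
        --security-group-ids "$sg_id" \
        --query 'Instances[0].InstanceId' --output text)
  aws ec2 wait instance-running --instance-ids "$id"
  if ! aws ec2 describe-instances --instance-ids "$id" | enclave_enabled; then
    echo "instance $id was created without Nitro Enclaves enabled" >&2
    return 1
  fi
  ip=$(aws ec2 describe-instances --instance-ids "$id" \
        --query 'Reservations[0].Instances[0].PublicIpAddress' --output text)
  echo "ssh -i $key_name.pem ec2-user@$ip"
}

# Live usage (needs AWS credentials; replace the placeholders):
#   is_cli_v2 "$(aws --version 2>&1)" || { echo "AWS CLI v2 required" >&2; exit 1; }
#   create_key <keyName> && launch_parent <keyName> <your-security-group-id>
```

The verification step matters because run-instances returns successfully whether or not the enclave option is honoured; checking EnclaveOptions.Enabled in the describe-instances output before you invest time in the instance avoids discovering the problem only when the Anjuna Nitro Runtime fails to start an enclave.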

AWS Console

Log into the AWS Console, and then open the Launch an instance wizard.

The Anjuna Nitro Runtime supports Amazon Linux 2, so select the “Amazon Linux 2 AMI” (x86_64) as the image.

Then, select the m5.xlarge instance type, or another instance type that supports AWS Nitro Enclaves. The sizing guidance is the same as for the command line: m5.xlarge is the smallest instance type supported by the Anjuna Nitro Runtime and its 4 vCPUs run a single enclave with 2 vCPUs while the parent keeps 2. For multiple enclaves, use an instance type like m5.2xlarge or larger, with at least 2 vCPUs for each enclave you plan to run in addition to the 2 the parent instance keeps.

Select a key pair to connect to the instance:

You can leave the default network and storage settings, but review the security group the wizard creates for you: by default it allows SSH (TCP port 22) from anywhere (0.0.0.0/0). Restrict the source to your own IP address before launching.

Finally, near the bottom of the “Advanced details” section, set Nitro Enclave to Enable:

Now, click the “Launch Instance” button to create the new instance.

Using the InstanceId, you can query AWS to retrieve attributes of this EC2 instance (replace the string <your-instance> with the correct value):

$ aws ec2 describe-instances --instance-ids <your-instance> \
 | jq '.Reservations[].Instances[] | { id: .InstanceId, fqdn: .PublicDnsName, ip: .PublicIpAddress }'

The output should show the public IP address (and public DNS name) of the instance, which allows you to SSH into it using the SSH key created in the previous section (replace <keyName> and <public-ip> with the correct values). If those fields are empty, the instance may still be starting; aws ec2 wait instance-running --instance-ids <your-instance> blocks until it is running. A public IP address is only assigned when the subnet auto-assigns public IPv4 addresses, as the default VPC's subnets do.

$ ssh -i <keyName>.pem ec2-user@<public-ip>

If everything worked, you should see the following output when connecting this instance:

Last login: Wed Dec 23 20:11:30 2020 from 135-180-108-162.fiber.dynamic.sonic.net

           __|  __|_  )
           _|  (     /   Amazon Linux 2 AMI
          ___|\___|___|

    https://aws.amazon.com/amazon-linux-2/
    6 package(s) needed for security, out of 24 available
    Run "sudo yum update" to apply all updates.

Congratulations, you are connected to an AWS Nitro parent instance! Before continuing, apply the pending security updates that the login banner reports by running sudo yum update.

Next steps

The remaining instructions in this section assume that you are logged in to this newly created EC2 instance.