Prerequisites

You must have an AWS account and the ability to create AWS EC2 instances. The examples in this document might also require access to various AWS services:

  • AWS Elastic Kubernetes Service (EKS)

  • AWS Key Management Service (KMS)

  • AWS S3

Information on best practices and identity and access management can be found at the following AWS links:

Hardware requirements and recommendations

In order to launch and use AWS Nitro Enclaves, you need to create an AWS EC2 instance that meets the following requirements and considerations as presented on this AWS documentation page.

Note that building an EIF does not require an instance with AWS Nitro Enclaves enabled. Enabling AWS Nitro Enclaves for the instance is only required to run the enclave. See Requirements for building an EIF image.

A single EC2 instance can run up to four enclaves simultaneously. This limitation is built into the AWS Nitro infrastructure. Since enclaves consume resources from the host instance, it is important to ensure that the host still has enough resources to operate correctly. The following recommendations should be used as a baseline when selecting an instance type:

  • The host should have at least 1GB of memory per enclave, in addition to the memory used by all enclaves and by the host

  • The host should have at least 1 vCPU per pair of vCPUs used by enclaves (note that the number of vCPUs used by an enclave must always be a multiple of 2)

For example, if you intend to run three enclaves on a single host, two with 2 vCPUs and 2GB memory, and another with 4 vCPUs and 4GB memory, create an instance with the following resources:

  • At least 12 vCPUs (8 enclave vCPUs, and 4 additional for the host)

  • At least 11GB memory (8GB for the enclaves, and 3GB for the host)

| | Number of vCPUs | Memory (GB) |
|---|---|---|
| Enclave 1 | 2 | 2 |
| Enclave 2 | 2 | 2 |
| Enclave 3 | 4 | 4 |
| Parent instance | (2 + 2 + 4) enclave vCPUs / 2 = 4 | 3 enclaves * 1 GB per enclave = 3GB |
| Total EC2 instance | 2 + 2 + 4 + 4 = 12 vCPUs minimum | 2 + 2 + 4 + 3 = 11 GB minimum |
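The baseline sizing rules above can be checked before an instance type is chosen. The following is an added example, not Anjuna or AWS tooling; the names `Enclave`, `minimum_instance_size` and `check_instance` are hypothetical, and it encodes only the limits stated in this section (at most four enclaves, enclave vCPUs in multiples of 2, 1 host vCPU per pair of enclave vCPUs, 1 GB of host memory per enclave).

```python
from dataclasses import dataclass

# Limits and ratios as stated in this section of the document.
MAX_ENCLAVES_PER_INSTANCE = 4
HOST_GB_PER_ENCLAVE = 1
ENCLAVE_VCPUS_PER_HOST_VCPU = 2


@dataclass(frozen=True)
class Enclave:
    vcpus: int
    memory_gb: float


def minimum_instance_size(enclaves):
    """Return (min_vcpus, min_memory_gb) for the parent EC2 instance."""
    if not 1 <= len(enclaves) <= MAX_ENCLAVES_PER_INSTANCE:
        raise ValueError(
            f"expected 1 to {MAX_ENCLAVES_PER_INSTANCE} enclaves, got {len(enclaves)}"
        )
    for i, e in enumerate(enclaves, start=1):
        if e.vcpus < 2 or e.vcpus % 2 != 0:
            raise ValueError(f"enclave {i}: vCPUs must be a multiple of 2, got {e.vcpus}")
        if e.memory_gb <= 0:
            raise ValueError(f"enclave {i}: memory must be positive")
    enclave_vcpus = sum(e.vcpus for e in enclaves)
    enclave_mem = sum(e.memory_gb for e in enclaves)
    host_vcpus = enclave_vcpus // ENCLAVE_VCPUS_PER_HOST_VCPU
    host_mem = len(enclaves) * HOST_GB_PER_ENCLAVE
    return enclave_vcpus + host_vcpus, enclave_mem + host_mem


def check_instance(enclaves, instance_vcpus, instance_memory_gb):
    """List the shortfalls of a candidate instance; an empty list means it fits."""
    need_vcpus, need_mem = minimum_instance_size(enclaves)
    problems = []
    if instance_vcpus < need_vcpus:
        problems.append(f"vCPUs: have {instance_vcpus}, need at least {need_vcpus}")
    if instance_memory_gb < need_mem:
        problems.append(f"memory: have {instance_memory_gb} GB, need at least {need_mem} GB")
    return problems


if __name__ == "__main__":
    # The three-enclave plan from the table above.
    plan = [Enclave(2, 2), Enclave(2, 2), Enclave(4, 4)]
    print(minimum_instance_size(plan))
    # Constructed candidate: 8 vCPUs and 16 GB fails on vCPUs only.
    print(check_instance(plan, 8, 16))
```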

Supported platforms

The Anjuna Nitro Runtime requires Amazon Linux 2023, Amazon Linux 2 or Red Hat Enterprise Linux 8. For other operating systems, contact support@anjuna.io.