tags: #publish
links: [[AWS]]
created: 2020-12-22 Tue
---
# AWS Nitro Enclaves

https://aws.amazon.com/blogs/aws/aws-nitro-enclaves-isolated-ec2-environments-to-process-confidential-data/
https://aws.amazon.com/ec2/nitro/nitro-enclaves/

Isolated, constrained compute environments carved out of a parent [[EC2]] instance (a slice of its vCPUs and memory is partitioned off), intended for things like processing PII under compliance regimes or protecting key material and crypto operations.

Isolation: the enclave is a separate VM under the Nitro Hypervisor, so the parent instance's OS (including root/admin users on it) cannot read the enclave's memory or CPU state. There is no persistent storage, no interactive access (no SSH, no console) and no external networking. The only I/O path is a local vsock channel to the parent instance; anything the enclave needs from outside (e.g. a KMS call) has to be proxied through the parent.

Code verification is done with cryptographic attestation: the Nitro Hypervisor signs an attestation document containing PCR measurements of the enclave image (PCR0 is the hash of the whole enclave image file, so it changes with every build). [[AWS Key Management Service (KMS)]] integrates with this directly: `Decrypt`, `GenerateDataKey` and `GenerateRandom` accept an attestation document, and a key policy can condition those calls on the attested image hash, so the key is only usable from that exact enclave code and not from the parent instance that relays the request. KMS also encrypts its response to the public key carried in the attestation document, so the parent only ever sees ciphertext on the way back.
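Added example of the KMS integration described above (not from the linked AWS pages): a KMS key policy that lets the parent instance's IAM role call `Decrypt`/`GenerateDataKey`/`GenerateRandom` only when the request carries an attestation document whose PCR0 matches a pinned value. The account ID, role names and the PCR0 placeholder are assumptions; the real PCR0 is the 96-hex-character value printed by `nitro-cli build-enclave`.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowKeyAdministration",
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::111122223333:role/KeyAdmin" },
      "Action": "kms:*",
      "Resource": "*"
    },
    {
      "Sid": "AllowUseOnlyFromAttestedEnclave",
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::111122223333:role/EnclaveParentInstanceRole" },
      "Action": [
        "kms:Decrypt",
        "kms:GenerateDataKey",
        "kms:GenerateRandom"
      ],
      "Resource": "*",
      "Condition": {
        "StringEqualsIgnoreCase": {
          "kms:RecipientAttestation:ImageSha384": "PLACEHOLDER_PCR0_96_HEX_CHARS_FROM_nitro-cli_build-enclave"
        }
      }
    }
  ]
}
```

The important property is in the second statement: a `Decrypt` issued from the parent instance itself (no attestation document attached) has no `kms:RecipientAttestation:ImageSha384` value to compare, so the condition is not met and the call is denied even though the instance role is the principal. Because PCR0 changes with every enclave build, the pinned value has to be updated on each release; pinning `kms:RecipientAttestation:PCR8` (the enclave image signing certificate) instead is the usual way to avoid that for signed images.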