The Nitro System is a collection of hardware and software components built by AWS that enable high performance, high availability, and high security. For more information, see
The Nitro System provides bare metal capabilities that eliminate virtualization overhead and support workloads that require full access to host hardware. Bare metal instances are well suited for the following:
Workloads that require access to low-level hardware features (for example, Intel VT) that are not available or fully supported in virtualized environments
Applications that require a non-virtualized environment for licensing or support
Nitro is the underlying platform for the next generation of EC2 instances
Offloads virtualization functions (networking, storage, management, security) from the host onto specialized hardware, leaving a lightweight Nitro Hypervisor on the host
Specialized hardware includes:
Nitro cards for VPC
Nitro cards for EBS
Nitro cards for instance storage
Nitro card controller
Nitro security chip
Nitro hypervisor
Nitro Enclaves
Improves performance, security and innovation:
Performance close to bare metal for virtualized instances
Elastic Network Adapter and Elastic Fabric Adapter
AWS Nitro Enclaves is an Amazon EC2 feature that allows you to create isolated execution environments, called enclaves, from Amazon EC2 instances. Enclaves are separate, hardened, and highly-constrained virtual machines. They provide only secure local socket connectivity with their parent instance. They have no persistent storage, interactive access, or external networking. Users cannot SSH into an enclave, and the data and applications inside the enclave cannot be accessed by the processes, applications, or users (root or admin) of the parent instance. Using Nitro Enclaves, you can secure your most sensitive data, such as personally identifiable information (PII), and your data processing applications.
Uses cryptographic attestation to ensure only authorized code is running
Integrates with AWS Key Management Service (KMS)
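The attestation-gated key release described by the two points above, as an added example (not AWS code): it models how a KMS key policy's `kms:RecipientAttestation:*` condition keys are evaluated against the PCR values in an enclave's attestation document. The attestation document here is a constructed dict standing in for the signed COSE/CBOR document, and the signature check KMS performs against the Nitro attestation PKI is assumed to have already passed; principal matching and Deny statements are left out.

```python
from typing import Any, Dict, List, Optional

# KMS condition keys for enclave callers, mapped to the PCR index each one
# pins. PCR values in the attestation document are hex-encoded SHA-384 digests.
PCR_KEYS = {
    "kms:RecipientAttestation:PCR0": 0,  # enclave image file
    "kms:RecipientAttestation:PCR1": 1,  # kernel and bootstrap
    "kms:RecipientAttestation:PCR2": 2,  # application
    "kms:RecipientAttestation:PCR3": 3,  # IAM role of the parent instance
    "kms:RecipientAttestation:PCR4": 4,  # parent instance ID
    "kms:RecipientAttestation:PCR8": 8,  # enclave image signing certificate
    "kms:RecipientAttestation:ImageSha384": 0,  # same measurement as PCR0
}


def key_release_allowed(statements: List[Dict[str, Any]],
                        attestation: Optional[Dict[str, Any]]) -> bool:
    """True if some Allow kms:Decrypt statement's attestation conditions all hold.

    A statement with no attestation conditions allows any caller, which is why a
    key meant for enclave-only use must carry PCR conditions on every Allow.
    A caller that presents no attestation document can never satisfy a PCR
    condition, because the condition key is simply absent from the request.
    """
    pcrs: Dict[int, str] = {}
    if attestation and attestation.get("pcrs"):
        pcrs = {int(i): v.lower() for i, v in attestation["pcrs"].items()}
    for stmt in statements:
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") != "Allow" or "kms:Decrypt" not in actions:
            continue
        conds = stmt.get("Condition", {}).get("StringEqualsIgnoreCase", {})
        pinned = {k: v for k, v in conds.items() if k in PCR_KEYS}
        if all(pcrs.get(PCR_KEYS[k]) == v.lower() for k, v in pinned.items()):
            return True
    return False


# Constructed sample values: these are not real enclave measurements.
GOOD_PCR0 = "a" * 96
PINNED_POLICY = [{"Effect": "Allow", "Action": ["kms:Decrypt"],
                  "Condition": {"StringEqualsIgnoreCase": {
                      "kms:RecipientAttestation:PCR0": GOOD_PCR0}}}]
UNPINNED_POLICY = [{"Effect": "Allow", "Action": "kms:Decrypt"}]
GOOD_DOC = {"module_id": "i-EXAMPLE-encEXAMPLE", "pcrs": {0: GOOD_PCR0}}
TAMPERED_DOC = {"module_id": "i-EXAMPLE-encEXAMPLE", "pcrs": {0: "b" * 96}}
```

Running `key_release_allowed(PINNED_POLICY, GOOD_DOC)` returns True, while the tampered document, a missing document, or the same calls against UNPINNED_POLICY show how only PCR-pinned statements actually tie the key to authorized enclave code.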
Protect and securely process highly sensitive data: