TL;DR
- No Operator Access: Even with root on the parent instance, you cannot SSH into the Enclave.
- No Network: The Enclave has no IP address. It only speaks via a local socket (vsock).
- Cryptographic Truth: You don't trust the admin; you trust the PCR0 hash.
The Problem: Data in Use
Cloud security is usually pretty good at protecting data at rest (encrypted on disk) and in transit (TLS).
The problem is processing. To run code, you have to decrypt data in memory. At that exact millisecond, a malicious admin, a compromised OS kernel, or a memory scraper can steal your private keys.
AWS Nitro Enclaves fix this by carving out a "black box" inside your EC2 instance.
Standard EC2
- Has Public IP / VPC Access
- Root user can dump memory
- Vulnerable to supply chain attacks
Nitro Enclave
- No Network / No Persistent Storage
- No SSH / No Interactive Shell
- Only communicates via Vsock
Isolation Mechanics
When you launch an Enclave, the Nitro Hypervisor physically slices off CPU and Memory from the parent instance.
This isn't just a container namespace trick. The memory pages are hardware-locked. The parent OS literally sees its available RAM drop.
    # Launch Enclave with explicit resources
    nitro-cli run-enclave \
      --cpu-count 2 \
      --memory 2048 \
      --eif-path app.eif \
      --enclave-cid 16
* When you run this command, the Hypervisor physically unmaps 2048MB from the parent instance. The parent OS sees its RAM capacity drop instantly.
The Enclave Image
You can't just apt-get install inside an Enclave. You have to build a self-contained image called an EIF (Enclave Image File).
Think of an EIF like a Docker container that has been frozen in carbonite, wrapped with a Linux Kernel, and cryptographically signed.
    nitro-cli build-enclave --docker-uri my-signer:latest --output signer.eif
Attestation (The Trap Door)
If you can't SSH in, how do you know what code is running?
Attestation. When the Enclave boots, it generates a hash of its entire contents (Kernel + Code + Config). This hash is called PCR0.
You can configure AWS KMS to only release a decryption key if the requesting Enclave's PCR0 matches exactly.
Build-Time Attestation
Your code is hashed during the build. This hash (PCR0) is your cryptographic identity.
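As an added example (not code from the original article), this sketch turns the PCR0 printed at build time into a KMS key-policy statement that uses the `kms:RecipientAttestation:PCR0` condition key, and refuses the all-zero PCR0 that debug-mode enclaves attest with. The sample build output, role ARN and function names are constructed for illustration; `would_allow` is only a local model of the match, not KMS itself.

```python
import json
import re

# Constructed sample of the measurements JSON printed by `nitro-cli build-enclave`
# (PCR values are made up for illustration).
SAMPLE_BUILD_OUTPUT = json.dumps({"Measurements": {
    "HashAlgorithm": "Sha384 { ... }",
    "PCR0": "ab" * 48, "PCR1": "cd" * 48, "PCR2": "ef" * 48}})

PCR_RE = re.compile(r"[0-9a-f]{96}")  # SHA-384 digest as 96 hex characters


def extract_pcr0(build_output: str) -> str:
    """Return the validated, lower-cased PCR0 from the build-enclave JSON."""
    pcr0 = json.loads(build_output)["Measurements"]["PCR0"].lower()
    if not PCR_RE.fullmatch(pcr0):
        raise ValueError("PCR0 is not a 96-character hex SHA-384 digest")
    if set(pcr0) == {"0"}:
        # Debug-mode enclaves attest with all-zero PCRs; never pin a policy to that.
        raise ValueError("all-zero PCR0 (debug-mode value) refused")
    return pcr0


def kms_statement(pcr0: str, role_arn: str) -> dict:
    """Key-policy statement allowing Decrypt only for an enclave with this PCR0."""
    return {
        "Sid": "DecryptOnlyFromMeasuredEnclave",
        "Effect": "Allow",
        "Principal": {"AWS": role_arn},
        "Action": "kms:Decrypt",
        "Resource": "*",
        "Condition": {
            "StringEqualsIgnoreCase": {"kms:RecipientAttestation:PCR0": pcr0}
        },
    }


def would_allow(statement: dict, attested_pcr0: str) -> bool:
    """Local model of the condition check: case-insensitive exact match."""
    expected = statement["Condition"]["StringEqualsIgnoreCase"][
        "kms:RecipientAttestation:PCR0"]
    return attested_pcr0.lower() == expected.lower()


if __name__ == "__main__":
    stmt = kms_statement(extract_pcr0(SAMPLE_BUILD_OUTPUT),
                         "arn:aws:iam::111122223333:role/enclave-parent")  # placeholder ARN
    print(json.dumps(stmt, indent=2))
```

Any rebuild that changes the kernel, code or config produces a different PCR0, so the statement has to be regenerated and reviewed as part of each release.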