How to Use AWS Nitro Enclaves Attestation Document
In my last blog post, Running Python App on AWS Nitro Enclaves, I briefly introduced what AWS Nitro Enclaves is and demonstrated how network connections work on Nitro Enclaves.
This week, I am going to talk about how we can make use of the attestation documents generated by the Nitro Secure Module (NSM).
Common Scenario
AWS Nitro Enclaves are isolated compute environments that can securely process highly sensitive data. When an enclave communicates with components outside it (e.g. a central secret store), we also want that exchange to be as secure as possible. The two main concerns are:
- How does the outside component know that it is communicating with the correct enclave image, rather than with an attacker impersonating the enclave?
- How can we secure the data transmitted between the enclave and the outside component?
To tackle these issues, AWS Nitro Enclaves provides an attestation mechanism; its details are given in the AWS documentation. To make it easier to understand, I created a Python demo so you can get hands-on experience.
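A verifying component uses the attestation document to address both concerns above: the PCR measurements in the document identify the enclave image, and the enclave-generated public key carried in the document lets the verifier encrypt data that only that enclave can decrypt. The following is an added example and not code from this post's demo; it assumes the document has already been CBOR-decoded and its COSE_Sign1 signature and certificate chain verified (for example by a library), and every sample value below is constructed.

```python
import hmac

# Constructed sample of the decoded attestation document payload (the CBOR map
# inside the COSE_Sign1 structure returned by the NSM). Real PCR values are
# 48-byte SHA-384 digests; the bytes here are placeholders.
ENCLAVE_PUBLIC_KEY = b"<constructed-enclave-public-key-bytes>"
SAMPLE_PAYLOAD = {
    "module_id": "i-0123456789abcdef0-enc0123456789abcdef",  # constructed
    "digest": "SHA384",
    "timestamp": 1_700_000_000_000,  # milliseconds since the Unix epoch
    "pcrs": {0: b"\x11" * 48, 1: b"\x22" * 48, 2: b"\x33" * 48},
    "public_key": ENCLAVE_PUBLIC_KEY,
    "nonce": b"client-chosen-nonce",
}


def verify_attestation(payload, expected_pcrs, expected_nonce, now_ms,
                       max_age_ms=5 * 60_000):
    """Return (ok, reason). The caller must already have verified the COSE
    signature and the certificate chain up to the AWS Nitro root."""
    if payload.get("digest") != "SHA384":
        return False, "unexpected digest algorithm"
    # Freshness: reject documents that are stale or dated in the future.
    age = now_ms - payload.get("timestamp", 0)
    if age < 0 or age > max_age_ms:
        return False, "attestation document is stale"
    # Replay protection: the nonce must be the one this verifier sent to the enclave.
    if not hmac.compare_digest(payload.get("nonce") or b"", expected_nonce):
        return False, "nonce mismatch"
    # Identity: every PCR the policy lists must equal the measurement of the
    # enclave image we built; a missing PCR counts as a mismatch.
    pcrs = payload.get("pcrs") or {}
    for index, expected in expected_pcrs.items():
        actual = pcrs.get(index)
        if actual is None or not hmac.compare_digest(actual, expected):
            return False, f"PCR{index} mismatch"
    if not payload.get("public_key"):
        return False, "no enclave public key in document"
    return True, "ok"


def key_for_enclave(payload, expected_pcrs, expected_nonce, now_ms):
    """Return the enclave's public key only when the document passes policy,
    so secrets are never encrypted to an unverified key."""
    ok, _reason = verify_attestation(payload, expected_pcrs, expected_nonce, now_ms)
    return payload["public_key"] if ok else None
```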
The Components
- Client
This is to simulate generic components…