UPDATED 22:55 EDT / OCTOBER 28 2020


AWS announces general availability of secure computing EC2 Nitro Enclaves

Amazon Web Services Inc. today announced the general availability of AWS Nitro Enclaves, an EC2 capability designed to make it easier for customers to securely process highly sensitive data.

Nitro Enclaves, first announced as one of three new security products from Amazon last December, offers customers the ability to partition compute and memory resources within an instance to create an isolated compute environment.

Created to protect highly sensitive data, Nitro Enclaves lets users create completely isolated compute environments in which to process it. Each enclave is an isolated virtual machine with its own kernel, memory and processor. Users select an instance type and decide how much processor and memory they want to designate to the enclave.

The virtual machine created using Nitro Hypervisor technology not only offers central processing unit and memory isolation for Amazon EC2 instances but also comes with no persistent storage, no administrator or operator access and no external networking. According to Amazon, this isolation means that applications running in an Enclave remain inaccessible to other users and systems, even to users within the customer’s organization.

An AWS Nitro Enclave owner can start and stop an enclave, or assign resources to it, but even the owner cannot see what is being processed inside it. Users can develop enclave applications using the AWS Nitro Enclaves software development kit, a set of open-source libraries. The SDK integrates with AWS Key Management Service, allowing customers to generate data keys and to decrypt them inside the enclave.
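The KMS integration only enforces "decrypt inside the enclave" if the key policy pins the enclave's attested measurement; the following key policy statement is an added example, not text from the article or an AWS-published policy, and the account id, role name and PCR0 value are placeholders to be replaced with your own (PCR0 is printed by the enclave image build).

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleDecryptOnlyFromAttestedEnclave",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::111122223333:role/PLACEHOLDER-parent-instance-role"
      },
      "Action": "kms:Decrypt",
      "Resource": "*",
      "Condition": {
        "StringEqualsIgnoreCase": {
          "kms:RecipientAttestation:PCR0": "PLACEHOLDER-pcr0-hex-from-enclave-image-build"
        }
      }
    }
  ]
}
```

Because the condition key is only present when the Decrypt request carries an enclave attestation document, the same instance role calling Decrypt directly from the parent instance (no attestation) is denied by this statement. GenerateDataKey for producing the encrypted data key needs its own statement, without the attestation condition if it is called from outside the enclave.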

At a base level, customers simply select an instance type and decide how much CPU and memory they want to designate to the Enclave. Amazon says Nitro Enclaves provides the flexibility to partition varying combinations of CPU cores and memory, enabling customers to match resources to the size and performance demands of their workloads.

“Customers often tell us that powerful built-in protections like the locked-down security model of the Nitro System are among the primary reasons why they trust AWS with their workloads,” David Brown, vice president for Amazon EC2, said in a statement. “Nitro Enclaves builds on those same security and isolation models that have separated AWS for so many customers, delivering a more efficient method for securely processing highly sensitive data. This means customers can build and innovate faster in a way that still meets the highest bar for security.”

In addition to the general availability of AWS Nitro Enclaves, AWS also announced the launch of AWS Certificate Manager for Nitro Enclaves, a new Enclave application that makes it easy for customers to protect and manage Secure Sockets Layer/Transport Layer Security certificates for their web servers running on Amazon EC2.

AWS Nitro Enclaves is publicly available starting today on the majority of Intel Corp.- and Advanced Micro Devices Inc.-based Amazon EC2 instance types built on the AWS Nitro System.
