Installing the Nitro Enclaves CLI on Linux - AWS

The following instructions are for installing or uninstalling the AWS Nitro Enclaves CLI on or from a parent instance running Amazon Linux 2. For instructions for installing the Nitro CLI on different Linux distributions, see the Nitro CLI GitHub repository.

Install AWS Nitro Enclaves CLI

To install the Nitro CLI on an instance running AL2

  1. Install the Nitro CLI.

    $ sudo amazon-linux-extras install aws-nitro-enclaves-cli
  2. Install the Nitro Enclaves development tools needed to build enclave images. The development tools also include some sample applications.

    $ sudo yum install aws-nitro-enclaves-cli-devel -y
  3. Add your user to the ne user group.

    $ sudo usermod -aG ne username
  4. Add your user to the docker user group.

    $ sudo usermod -aG docker username
  5. For the changes to take effect, log out of the instance and then reconnect to it.

  6. Verify that the Nitro CLI installed correctly.

    $ nitro-cli --version

    The command should return version information about the Nitro CLI.

  7. Preallocate the memory and the vCPUs that you intend to use for enclaves on the instance.

    Using your preferred text editor, open /etc/nitro_enclaves/allocator.yaml. For memory_mib and cpu_count, specify the overall amount of memory (in MiB) and the number of vCPUs that you want to dedicate for the use of enclaves. Save and close the file.

    Run the following command to allocate the resources specified in the file and to ensure that they are automatically allocated every time the instance starts.

    $ sudo systemctl start nitro-enclaves-allocator.service && sudo systemctl enable nitro-enclaves-allocator.service

    When you create an enclave, the requested memory and vCPUs must be less than or equal to the values that you specified here. If you need to create an enclave with more memory or vCPUs in the future, you must update the values in this file and restart the service.

  8. Start the Docker service and ensure that it starts every time the instance starts.

    $ sudo systemctl start docker && sudo systemctl enable docker
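
A pre-flight check for the sizing rule in step 7, as an added example that is not part of the AWS documentation: it reads memory_mib and cpu_count from an allocator file and reports whether a planned enclave request fits the preallocated pool. The function names and the sample file are constructed for illustration; on an instance, pass /etc/nitro_enclaves/allocator.yaml instead.

```shell
#!/bin/sh
# Added example: check a planned enclave size against allocator.yaml.

# Print the integer value of KEY (memory_mib or cpu_count) from FILE.
# Commented-out lines and unrelated keys are ignored. Exit 1 if KEY is absent.
allocator_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            line = $0; sub(/#.*/, "", line)      # drop trailing comments
            n = index(line, ":"); if (n == 0) next
            k = substr(line, 1, n - 1); v = substr(line, n + 1)
            gsub(/[ \t\r]/, "", k); gsub(/[ \t\r]/, "", v)
            if (k == key && v ~ /^[0-9]+$/) { print v; found = 1; exit }
        }
        END { if (!found) exit 1 }
    ' "$1"
}

# Return 0 if a request of MEM MiB and CPUS vCPUs fits the pool in FILE,
# 1 if it exceeds the pool, 2 if the file lacks a required key.
enclave_fits() {
    file=$1 want_mem=$2 want_cpu=$3
    pool_mem=$(allocator_value "$file" memory_mib) ||
        { echo "memory_mib not set in $file" >&2; return 2; }
    pool_cpu=$(allocator_value "$file" cpu_count) ||
        { echo "cpu_count not set in $file" >&2; return 2; }
    if [ "$want_mem" -gt "$pool_mem" ] || [ "$want_cpu" -gt "$pool_cpu" ]; then
        echo "request ${want_mem} MiB/${want_cpu} vCPU exceeds pool" \
             "${pool_mem} MiB/${pool_cpu} vCPU" >&2
        return 1
    fi
    return 0
}

# Constructed sample file; the values are illustrative, not recommendations.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
---
# memory_mib: 9999   (commented out, must be ignored)
memory_mib: 2048
cpu_count: 2
EOF

enclave_fits "$SAMPLE" 1024 2 && echo "1024 MiB / 2 vCPU: fits"
enclave_fits "$SAMPLE" 4096 2 ||
    echo "4096 MiB / 2 vCPU: update allocator.yaml and restart the service"
```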

Uninstall AWS Nitro Enclaves CLI

If you no longer want to use AWS Nitro Enclaves, use the following command to uninstall the AWS Nitro Enclaves CLI.

$ sudo yum remove aws-nitro-enclaves-cli