Installing the Nitro Enclaves CLI - AWS Nitro Enclaves

Installing the Nitro Enclaves CLI

The following instructions are for installing the AWS Nitro Enclaves CLI on a parent instance running Amazon Linux 2. For instructions on installing the Nitro CLI on other Linux distributions, see the Nitro CLI GitHub repository.

To install the Nitro CLI on an instance running AL2

  1. Install the Nitro CLI.

    $ sudo amazon-linux-extras install aws-nitro-enclaves-cli
  2. Install the Nitro Enclaves development tools needed to build enclave images. The development tools also include some sample applications.

    $ sudo yum install aws-nitro-enclaves-cli-devel -y
  3. Add your user to the ne user group.

    $ sudo usermod -aG ne username
  4. Add your user to the docker user group.

    $ sudo usermod -aG docker username

    Group membership changes take effect the next time the user logs in. Membership in the docker group grants control of the Docker daemon, which is equivalent to root access on the parent instance, so add only the users who need to build enclave images.
  5. Verify that the Nitro CLI installed correctly.

    $ nitro-cli --version

    The command should return version information about the Nitro CLI.

  6. Preallocate the memory and the vCPUs that you intend to use for enclaves on the instance.

    Using your preferred text editor, open /etc/nitro_enclaves/allocator.yaml. For memory_mib and cpu_count, specify the overall amount of memory (in MiB) and the number of vCPUs that you want to dedicate for the use of enclaves. Save and close the file.

    Run the following command to allocate the resources specified in the file and to ensure that they are allocated automatically every time the instance starts.

    $ sudo systemctl start nitro-enclaves-allocator.service && sudo systemctl enable nitro-enclaves-allocator.service
    Note

    When you create an enclave, the requested memory and vCPUs must be less than or equal to the values that you specified here. If you need to create an enclave with more memory or vCPUs in the future, you must update the values in this file and restart the service.

  7. Start the Docker service and ensure that it starts every time the instance starts.

    $ sudo systemctl start docker && sudo systemctl enable docker
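The seven steps above as one script, added here as an example; it is not taken from the AWS page or from the Nitro CLI project. The install function only sequences the page's own commands (it needs sudo on an AL2 parent instance and runs only when the script is invoked as `install <username>`). The rest runs anywhere: it renders an allocator.yaml containing just the two keys the page documents and checks an enclave's memory/vCPU request against that pool, which is the inequality the Note states. The 2048 MiB / 2 vCPU figures and the sample enclave requests are assumptions chosen for the demonstration.

```bash
#!/usr/bin/env bash
# Added example (not from the AWS page): scripted Nitro CLI setup on an
# Amazon Linux 2 parent instance, plus an offline check that an enclave
# request fits the pool configured in /etc/nitro_enclaves/allocator.yaml.
set -euo pipefail

# Prints an allocator.yaml with the given pool size. Only the two keys the
# page documents are written; the file is rewritten wholesale.
render_allocator_config() {
    local mem_mib="$1" cpu_count="$2"
    cat <<EOF
---
# Memory (MiB) and vCPUs reserved for enclaves on this instance.
memory_mib: ${mem_mib}
cpu_count: ${cpu_count}
EOF
}

# Reads one integer key (memory_mib or cpu_count) from an allocator.yaml.
# Comment lines start with '#', so they never match the key.
allocator_value() {
    local path="$1" key="$2"
    awk -v k="${key}:" '$1 == k { gsub(/[^0-9]/, "", $2); print $2; exit }' "$path"
}

# Returns 0 if an enclave asking for want_mem MiB / want_cpus vCPUs fits the
# pool in the config, 1 if it exceeds it, 2 if the config is unusable.
enclave_request_fits() {
    local path="$1" want_mem="$2" want_cpus="$3"
    local have_mem have_cpus
    have_mem=$(allocator_value "$path" memory_mib)
    have_cpus=$(allocator_value "$path" cpu_count)
    if [ -z "$have_mem" ] || [ -z "$have_cpus" ]; then
        echo "allocator config $path is missing memory_mib or cpu_count" >&2
        return 2
    fi
    if [ "$want_mem" -le "$have_mem" ] && [ "$want_cpus" -le "$have_cpus" ]; then
        return 0
    fi
    echo "request ${want_mem} MiB / ${want_cpus} vCPUs exceeds pool" \
         "${have_mem} MiB / ${have_cpus} vCPUs; raise the values in $path" \
         "and restart nitro-enclaves-allocator.service" >&2
    return 1
}

# Steps 1-7 of the procedure for one user. Requires sudo on a real AL2
# parent instance; not run unless the script is invoked with "install".
install_nitro_cli() {
    local user="$1" mem_mib="$2" cpu_count="$3"
    sudo amazon-linux-extras install aws-nitro-enclaves-cli -y
    sudo yum install aws-nitro-enclaves-cli-devel -y
    sudo usermod -aG ne "$user"
    # docker group membership is root-equivalent on the host; grant sparingly.
    sudo usermod -aG docker "$user"
    nitro-cli --version
    render_allocator_config "$mem_mib" "$cpu_count" \
        | sudo tee /etc/nitro_enclaves/allocator.yaml >/dev/null
    sudo systemctl start nitro-enclaves-allocator.service
    sudo systemctl enable nitro-enclaves-allocator.service
    sudo systemctl start docker
    sudo systemctl enable docker
    echo "Log out and back in so the new group memberships apply to $user."
}

# Offline demonstration on a constructed config (assumed 2048 MiB / 2 vCPUs),
# so this part runs without Nitro hardware.
SAMPLE_CFG="$(mktemp)"
trap 'rm -f "$SAMPLE_CFG"' EXIT
render_allocator_config 2048 2 >"$SAMPLE_CFG"

if enclave_request_fits "$SAMPLE_CFG" 1024 2; then
    echo "1024 MiB / 2 vCPUs fits the configured pool"
fi
if ! enclave_request_fits "$SAMPLE_CFG" 4096 2; then
    echo "4096 MiB / 2 vCPUs was rejected, as the Note describes"
fi

if [ "${1:-}" = "install" ]; then
    install_nitro_cli "${2:?usage: $0 install <username>}" 2048 2
fi
```

Run it with no arguments to exercise the config check only; run it as `./setup_nitro_cli.sh install <username>` on the parent instance to perform the installation. The check function reads the file rather than querying the allocator service, so it can also be used to sanity-check an allocator.yaml before restarting the service.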