AWS KMS condition keys for AWS Nitro Enclaves
AWS Nitro Enclaves is an Amazon EC2 capability that lets you create isolated compute environments called enclaves to protect and process highly sensitive data. AWS KMS provides condition keys to support AWS Nitro Enclaves. These conditions keys are effective only for requests to AWS KMS for a Nitro Enclave.
When you call the Decrypt, DeriveSharedSecret, GenerateDataKey, GenerateDataKeyPair, or GenerateRandom API operations with the signed attestation document from an enclave, these APIs encrypt the plaintext in the response under the public key from the attestation document, and return ciphertext instead of plaintext. This ciphertext can be decrypted only by using the private key in the enclave. For more information, see How AWS Nitro Enclaves uses AWS KMS.
The following condition keys let you limit the permissions for these operations based on the contents of the signed attestation document. Before allowing an operation, AWS KMS compares the attestation document from the enclave to the values in these AWS KMS condition keys.
kms:RecipientAttestation:ImageSha384
| AWS KMS Condition Keys | Condition Type | Value type | API Operations | Policy Type |
|---|---|---|---|---|
| kms:RecipientAttestation:ImageSha384 | String | Single-valued | Decrypt, DeriveSharedSecret, GenerateDataKey, GenerateDataKeyPair, GenerateRandom | Key policies and IAM policies |
The kms:RecipientAttestation:ImageSha384 condition key controls access to Decrypt, DeriveSharedSecret, GenerateDataKey, GenerateDataKeyPair, and GenerateRandom with a KMS key when the image digest from the signed attestation document in the request matches the value in the condition key. The ImageSha384 value corresponds to PCR0 in the attestation document. This condition key is effective only when the Recipient parameter in the request specifies a signed attestation document for an AWS Nitro enclave.
This value is also included in CloudTrail events for requests to AWS KMS for Nitro enclaves.
Note
This condition key is valid in key policy statements and IAM policy statements even though it does not appear in the IAM console or the IAM Service Authorization Reference.
For example, the following key policy statement allows the data-processing role to use the KMS key for Decrypt, DeriveSharedSecret, GenerateDataKey, GenerateDataKeyPair, and GenerateRandom operations. The kms:RecipientAttestation:ImageSha384 condition key allows the operations only when the image digest value (PCR0) of the attestation document in the request matches the image digest value in the condition. This condition key is effective only when the Recipient parameter in the request specifies a signed attestation document for an AWS Nitro enclave.
If the request does not include a valid attestation document from an AWS Nitro enclave, permission is denied because this condition is not satisfied.
```json
{
  "Sid": "Enable enclave data processing",
  "Effect": "Allow",
  "Principal": {
    "AWS": "arn:aws:iam::111122223333:role/data-processing"
  },
  "Action": [
    "kms:Decrypt",
    "kms:DeriveSharedSecret",
    "kms:GenerateDataKey",
    "kms:GenerateDataKeyPair",
    "kms:GenerateRandom"
  ],
  "Resource": "*",
  "Condition": {
    "StringEqualsIgnoreCase": {
      "kms:RecipientAttestation:ImageSha384": "9fedcba8abcdef7abcdef6abcdef5abcdef4abcdef3abcdef2abcdef1abcdef1abcdef0abcdef1abcdef2abcdef3abcdef4abcdef5abcdef6abcdef7abcdef99"
    }
  }
}
```
kms:RecipientAttestation:PCR<PCR_ID>
| AWS KMS Condition Keys | Condition Type | Value type | API Operations | Policy Type |
|---|---|---|---|---|
| kms:RecipientAttestation:PCR<PCR_ID> | String | Single-valued | Decrypt, DeriveSharedSecret, GenerateDataKey, GenerateDataKeyPair, GenerateRandom | Key policies and IAM policies |
The kms:RecipientAttestation:PCR<PCR_ID> condition key controls access to Decrypt, DeriveSharedSecret, GenerateDataKey, GenerateDataKeyPair, and GenerateRandom with a KMS key only when the platform configuration registers (PCRs) from the signed attestation document in the request match the PCRs in the condition key. This condition key is effective only when the Recipient parameter in the request specifies a signed attestation document from an AWS Nitro enclave.
This value is also included in CloudTrail events that represent requests to AWS KMS for Nitro enclaves.
Note
This condition key is valid in key policy statements and IAM policy statements even though it does not appear in the IAM console or the IAM Service Authorization Reference.
To specify a PCR value, use the following format. Concatenate the PCR ID to the condition key name. The PCR value must be a lower-case hexadecimal string of up to 96 bytes.
"kms:RecipientAttestation:PCR<PCR_ID>": "<PCR_value>"
For example, the following condition key specifies a particular value for PCR1, which corresponds to the hash of the kernel used for the enclave and the bootstrap process.
kms:RecipientAttestation:PCR1: "0x1abcdef2abcdef3abcdef4abcdef5abcdef6abcdef7abcdef8abcdef9abcdef8abcdef7abcdef6abcdef5abcdef4abcdef3abcdef2abcdef1abcdef0abcde"
The following example key policy statement allows the data-processing role to use the KMS key for the Decrypt operation. The kms:RecipientAttestation:PCR1 condition key in this statement allows the operation only when the PCR1 value in the signed attestation document in the request matches the kms:RecipientAttestation:PCR1 value in the condition. Use the StringEqualsIgnoreCase policy operator to require a case-insensitive comparison of the PCR values.
If the request does not include an attestation document, permission is denied because this condition is not satisfied.
```json
{
  "Sid": "Enable enclave data processing",
  "Effect": "Allow",
  "Principal": {
    "AWS": "arn:aws:iam::111122223333:role/data-processing"
  },
  "Action": "kms:Decrypt",
  "Resource": "*",
  "Condition": {
    "StringEqualsIgnoreCase": {
      "kms:RecipientAttestation:PCR1": "0x1de4f2dcf774f6e3b679f62e5f120065b2e408dcea327bd1c9dddaea6664e7af7935581474844767453082c6f1586116376cede396a30a39a611b9aad7966c87"
    }
  }
}
```