This tool enables the creation of an Enclave Image File (EIF) from a specified Nitro Node image for use in AWS Nitro Enclaves. By providing the SHA256 hash of the configuration and specifying the Nitro image, the tool generates a Dockerfile incorporating the resulting EIF file. This process, facilitated by Enclaver, will provide network connectivity between our enclave and the outside world. The layout of the repository is as follows:
docker: Contains the Dockerfile that pulls the Nitro Node image and configures a Docker image, which is then converted into an Enclave Image File (EIF).enclaver: Configuration for the Enclaver tool, generating a Docker image that includes the EIF file.scripts: Includes scripts to install, and run the tools needed on the parent EC2 instance, preparing it to run and communicate with the Batch Poster within the enclave.
To run this workflow you need the latest nitro image tag as well as the sha256 hash of the batch poster config. To get the hash of the batch poster config run:
jq -cS . "path/to/poster_config.json" | sha256sum | cut -d' ' -f1To run the scripts you can clone this repository and cd into scripts directory:
cd aws-nitro/scriptsNext install the tools needed on the parent instance:
./installation-tools.shThen you can setup and run the tools needed on the EC2 Instance by running:
./setup-ec2-instance.shFinally you can start the enclaver by using the enclaver run command:
sudo enclaver run enclaver-batch-poster-<BRANCH_NAME>:latest -p 8547:8547To safely shut down the batch poster and ensure we write state to the database you need to use the following command:
./shutdown-batch-poster.sh