
Commit afde935

committed
1. Added a debug_mode config in secrets manager for aws ec2 start.sh to decide if we need to add --debug-mode param for nitro-cli command
2. When the --debug-mode param is passed, also add the --attach-console param.
Tested by enabling it: the Core Service dashboard shows the attestation request with the "AAAAAAAA...." enclave id, which confirms it is running in enclave mode
1 parent 4e36633 commit afde935


2 files changed

+15
-2
lines changed


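--- a/scripts/aws/UID_CloudFormation.template.yml
+++ b/scripts/aws/UID_CloudFormation.template.yml
@@ -188,6 +188,7 @@ Resources:
 "enclave_cpu_count":6,
 "enclave_memory_mb":24576,
 "environment":"${DeployToEnvironment}"
+"debug_mode":"false"
 }'
 WorkerRole:
 Type: 'AWS::IAM::Role'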
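Review bot: As rendered here, the added `"debug_mode":"false"` line follows the unchanged `"environment":"${DeployToEnvironment}"` line, which has no trailing comma, so the secret string would no longer be valid JSON. `start.sh` in this same commit pipes that value through `jq -r '.debug_mode'`, which fails on a parse error, and any other reader of the secret would presumably break as well. The preceding line should become `"environment":"${DeployToEnvironment}",`. Defaulting the new key to `"false"` is the right choice; the enclosing resource definition starts outside this hunk.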

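--- a/scripts/aws/start.sh
+++ b/scripts/aws/start.sh
@@ -107,14 +107,26 @@ function run_config_server() {
 ./bin/flask run --host 127.0.0.1 --port 27015 &
 }
 
+function read_debug_mode_config() {
+DEBUG_MODE=$(aws secretsmanager get-secret-value --secret-id "$UID2_CONFIG_SECRET_KEY" | jq -r '.SecretString' | jq -r '.debug_mode')
+echo "Secrets Manager debug_mode config is set to $DEBUG_MODE"
+}
+
+
 function run_enclave() {
-echo "starting enclave..."
-nitro-cli run-enclave --eif-path $EIF_PATH --memory $MEMORY_MB --cpu-count $CPU_COUNT --enclave-cid $CID --enclave-name uid2operator
+if [ "$DEBUG_MODE" == "true" ]; then
+echo "starting enclave... --eif-path $EIF_PATH --memory $MEMORY_MB --cpu-count $CPU_COUNT --enclave-cid $CID --enclave-name uid2operator --debug-mode --attach-console"
+nitro-cli run-enclave --eif-path $EIF_PATH --memory $MEMORY_MB --cpu-count $CPU_COUNT --enclave-cid $CID --enclave-name uid2operator --debug-mode --attach-console
+else
+echo "starting enclave... --eif-path $EIF_PATH --memory $MEMORY_MB --cpu-count $CPU_COUNT --enclave-cid $CID --enclave-name uid2operator"
+nitro-cli run-enclave --eif-path $EIF_PATH --memory $MEMORY_MB --cpu-count $CPU_COUNT --enclave-cid $CID --enclave-name uid2operator
+fi
 }
 
 terminate_old_enclave
 config_aws
 read_allocation
+read_debug_mode_config
 # update_allocation
 setup_vsockproxy
 setup_dante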
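Review bot: The `debug_mode` value in the secret now decides whether `run_enclave` starts the enclave with `--debug-mode --attach-console`, and nothing in this hunk limits that to non-production deployments or makes it stand out in the logs. A debug-mode enclave produces attestation documents with zeroed PCRs (consistent with the "AAAAAAAA...." id in the commit description) and exposes its console to the parent instance, so write access to this secret becomes the ability to turn off the enclave's isolation guarantees. I would refuse the debug branch when the deployment environment is production (the variable holding it is not visible in this hunk) and at least log it loudly, e.g. `echo "WARNING: starting enclave in DEBUG mode; attestation PCRs are zeroed and the console is readable from the host" >&2`. `read_debug_mode_config` also ignores a failing `aws` or `jq` call; that falls through to the non-debug branch, which is the safe default, but a comment saying so would keep it from being "fixed" the wrong way later. Note that `--attach-console` keeps `nitro-cli` attached in the foreground, so anything called after `run_enclave` (outside this hunk) may not run until the console detaches.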
