AWS Confidential Computing

Data isolation

Protecting data in use

AWS confidential computing is always on. There is no mechanism for any AWS operator to access customers' Amazon Elastic Compute Cloud (Amazon EC2) instances within the AWS Nitro System.

Benefits

The Nitro System is built from the ground up, with no mechanism for operators to access customer content. The Nitro System consists of specialized components like AWS Nitro Cards, the AWS Nitro Security Chip, and the AWS Nitro Hypervisor.

The confidential computing protection for the Nitro System is inherent to any Nitro-based Amazon EC2 instance. Customers do not need to modify their code to get this protection.

AWS NitroTPM and AWS Nitro Enclaves allow customers to attest to system state, securely generate and manage cryptographic keys, and prove platform identity.

The Nitro System controls that prevent operator access are part of the AWS Service Terms, and the Nitro System has received independent affirmation of its confidential computing capabilities.

Confidential computing capabilities

Supporting the most demanding use cases

Nitro System

Provides confidentiality and isolation from AWS operators.

Nitro Enclaves

Allows customers to create isolated compute environments to protect highly sensitive data from their own users and applications.

NitroTPM

Allows customers to attest to the integrity of their instances by providing cryptographic proof.

Memory encryption

Starting with AWS Graviton2, AMD EPYC (Milan), and Intel Xeon Scalable (Ice Lake) processors, instance memory is always encrypted. Instances that are enabled with AMD SEV-SNP use an instance-specific key for their memory encryption.

Use cases

Secure sensitive data

By design, there is no mechanism for any AWS operator to access an Amazon EC2 instance based on the Nitro System, or to access data that customers send to a machine learning (ML) accelerator or GPU.

Using the cryptographic attestation capability of Nitro Enclaves, customers can set up multiparty collaboration, where several parties can join and process highly sensitive data without having to disclose or share the actual data with each individual party.

Using Nitro Enclaves, customers can further isolate highly sensitive data, such as personally identifiable information (PII) and healthcare, financial, and intellectual-property data, from customers' own users and software.
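As an added illustration of the attestation-gated access the use cases above describe (this is an example written for this page, not AWS's own documentation or code): an AWS KMS key policy that permits decryption only when the request carries a Nitro Enclaves attestation document whose enclave image measurement (PCR0, exposed to KMS as the kms:RecipientAttestation:ImageSha384 condition key) matches the expected value. The account ID, role name and measurement value are placeholders.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowDecryptOnlyFromAttestedEnclaveImage",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::111122223333:role/EnclaveParentInstanceRole"
      },
      "Action": "kms:Decrypt",
      "Resource": "*",
      "Condition": {
        "StringEqualsIgnoreCase": {
          "kms:RecipientAttestation:ImageSha384": "<PLACEHOLDER: PCR0 of the signed enclave image, 96 hex chars>"
        }
      }
    },
    {
      "Sid": "AllowKeyAdministration",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::111122223333:role/KeyAdministratorRole"
      },
      "Action": [
        "kms:Create*",
        "kms:Describe*",
        "kms:Enable*",
        "kms:Put*",
        "kms:Update*",
        "kms:Disable*",
        "kms:ScheduleKeyDeletion",
        "kms:CancelKeyDeletion"
      ],
      "Resource": "*"
    }
  ]
}
```

A kms:Decrypt call that does not include an attestation document (for example, one made by a process on the parent instance using the same IAM role) carries no kms:RecipientAttestation condition keys, so the first statement does not match and KMS denies the request; only the enclave whose measured image equals the expected PCR0 can obtain the plaintext.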