Nitro Enclaves Application development on Windows instances - AWS
Considerations for Windows instancesNitro Enclaves for Windows release notesSubscribe to notifications of new versions

Nitro Enclaves Application development on Windows instances

This section provides information for Nitro Enclaves application development on Windows instances.

Topics

Considerations for using Nitro Enclaves on a Windows parent instance

The EC2 parent instance and the enclaves operate as separate virtual machines. This means that each of them (the parent instance and all of its enclaves) must run its own operating system. The parent instance, supports both Linux and Windows (2016 and later) operating systems. However, the enclaves support only operating systems that support the Linux boot protocol. This means that even if you have a Windows parent instance, you must run a Linux environment inside your enclaves.

Supported operating systems

This also means that you must use a Linux-based instance to build your enclave image file (.eif).

Topics

    Keep the following in mind when using a Windows parent instance.

    Nitro Enclaves for Windows release notes

    This section describes Nitro Enclaves (for Windows) features, improvements, and bug fixes by release date.

    Release date version Updates and bug fixes
    July 24, 2024 1.2.3 The release updated the Nitro Enclaves for Windows installer to use WiX Toolset v5.
    October 18, 2023 1.2.2 The release improved installation of Nitro Enclaves for Windows and deprecated support for Windows Server 2012 R2.
    March 27, 2023 1.2.1 The release fixed a bug related to terminating multiple enclaves. This is the last version to support Windows Server 2012 R2.
    May 4, 2022 1.2.0

    The release added the following commands, arguments, and output for Nitro CLI:

    • Added pcr and describe-eif commands.

    • Added --enclave-name argument for run-enclave, console, and terminate-enclave commands.

    • Added --disconnect-timeout argument for console command.

    • Added --config argument and --attach-console flag to run-enclave command

    • Updated describe-enclaves and run-enclave commands to display EnclaveName.

    • Added --metadata flag to describe-enclaves command.

    The release added the following bug fixes and enhancements:

    • Improved Nitro CLI error messages.

    • Fixed bugs in vsock select() when it blocks or returns certain calls.

    • Fixed bug in vsock shutdown() on nonblocking sockets, which can result in connection reset errors.
    July 27, 2021 1.1.0

    The release added the following bug fixes and enhancements:

    • Improved vsock error codes and Nitro CLI error messages.

    • Improved vsock driver stability when enabling and disabling the vsock device.

    • Improved Nitro CLI efficiency during failed enclave startups.

    • Improved vsock-proxy stability.

    • Fixed the bug that prevented installation using SSM Distributor after a failed installation attempt.
    April 27, 2021 1.0 Initial release of Nitro Enclaves for Windows.

    Subscribe to notifications of new versions

    Amazon SNS can notify you when new versions of Nitro Enclaves for Windows are released. Use one of the following procedures to subscribe to these notifications.

    Amazon SNS console
    To subscribe to notifications using the Amazon SNS console

    1. Open the Amazon SNS console at https://console.aws.amazon.com/sns/v3/home.

    2. In the navigation bar, change the Region to US West (Oregon), if necessary. You must select this Region because the SNS notifications that you are subscribing to are in this Region.

    3. In the navigation pane, choose Subscriptions.

    4. Choose Create subscription.

    5. In the Create subscription dialog box, do the following:

      1. For Topic ARN, enter arn:aws:sns:us-west-2:404587003957:aws-nitro-enclaves-windows.

      2. For Protocol, choose Email.

      3. For Endpoint, type an email address that you can use to receive the notifications.

      4. Choose Create subscription.

    6. You'll receive a confirmation email. Open the email and follow the directions to complete your subscription.

    AWS Tools for PowerShell Core
    To subscribe to notifications using the Tools for Windows PowerShell

    Use the following command. 

    C:\> Connect-SNSNotification -TopicArn 'arn:aws:sns:us-west-2:404587003957:aws-nitro-enclaves-windows' -Protocol email -Region us-west-2 -Endpoint 'your_email_address'
    AWS Command Line Interface
    To subscribe to notifications using the AWS CLI

    Use the following command. 

    C:\> aws sns subscribe \
--topic-arn arn:aws:sns:us-west-2:404587003957:aws-nitro-enclaves-windows \
--protocol email \
--notification-endpoint your_email_address

    If you no longer want to receive these notifications, use the following procedure to unsubscribe.

    To unsubscribe to notifications using the Amazon SNS console

    1. Open the Amazon SNS console at https://console.aws.amazon.com/sns/v3/home.

    2. In the navigation bar, change the Region to US West (Oregon).

    3. In the navigation pane, choose Subscriptions.

    4. Select the check box for the subscription and then choose Delete. When prompted for confirmation, choose Delete.