Design: Rust Application in AWS Nitro Enclave
Overview
A test application that runs a Rust program inside an AWS Nitro Enclave with network and disk I/O capabilities proxied through the host.
Architecture
The system consists of two Rust applications:
Enclave Application
- Runs inside the Nitro Enclave (isolated environment)
- Performs application logic
- Sends requests for network and disk operations via vsock
Host Proxy
- Runs on the EC2 parent instance
- Listens for vsock connections from the enclave
- Executes network requests (HTTP) on behalf of the enclave
- Executes disk write operations on behalf of the enclave
- Returns results to the enclave
Communication
The enclave and host communicate over vsock (virtio-socket):
- Enclave sends network/disk operation requests to host
- Host performs the operation and returns the response
- The protocol uses a request/response message format with error handling
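The request/response exchange described above, as an added example that is not part of the original design document: a minimal framed message codec in Rust for the vsock channel, usable by both the enclave application and the host proxy. The wire format, the tag values, the 1 MiB per-field cap and the HttpGet/DiskWrite/Reply/Failure names are assumptions of this example, not something the design specifies.

```rust
// Added example, not the project's own code: length-prefixed framing for the
// enclave<->host vsock channel. Assumed wire format: one tag byte, then each field as a
// 4-byte big-endian length followed by its bytes. A field longer than MAX_FIELD is
// rejected before allocation, so a misbehaving peer cannot force a huge buffer.
use std::io::{self, Read, Write};
const MAX_FIELD: u32 = 1 << 20; // assumed cap of 1 MiB per field
// One enum covers both directions: requests the enclave sends, replies the host returns.
#[derive(Debug, PartialEq)]
pub enum Message {
    HttpGet { url: String },
    DiskWrite { path: String, data: Vec<u8> },
    Reply(Vec<u8>),   // successful result body (HTTP response or write acknowledgement)
    Failure(String),  // host-side error reported back to the enclave
}
fn bad(msg: String) -> io::Error { io::Error::new(io::ErrorKind::InvalidData, msg) }
fn put(w: &mut impl Write, b: &[u8]) -> io::Result<()> {
    w.write_all(&(b.len() as u32).to_be_bytes())?;
    w.write_all(b)
}
// Read one length-prefixed field, enforcing the size cap before allocating.
fn get(r: &mut impl Read) -> io::Result<Vec<u8>> {
    let mut len = [0u8; 4];
    r.read_exact(&mut len)?;
    let len = u32::from_be_bytes(len);
    if len > MAX_FIELD { return Err(bad(format!("field of {len} bytes exceeds cap"))); }
    let mut buf = vec![0u8; len as usize];
    r.read_exact(&mut buf)?;
    Ok(buf)
}
fn text(b: Vec<u8>) -> io::Result<String> { String::from_utf8(b).map_err(|e| bad(e.to_string())) }
pub fn write_message(w: &mut impl Write, m: &Message) -> io::Result<()> {
    match m {
        Message::HttpGet { url } => { w.write_all(&[1])?; put(w, url.as_bytes()) }
        Message::DiskWrite { path, data } => { w.write_all(&[2])?; put(w, path.as_bytes())?; put(w, data) }
        Message::Reply(body) => { w.write_all(&[3])?; put(w, body) }
        Message::Failure(reason) => { w.write_all(&[4])?; put(w, reason.as_bytes()) }
    }
}
pub fn read_message(r: &mut impl Read) -> io::Result<Message> {
    let mut tag = [0u8; 1];
    r.read_exact(&mut tag)?;
    match tag[0] {
        1 => Ok(Message::HttpGet { url: text(get(r)?)? }),
        2 => Ok(Message::DiskWrite { path: text(get(r)?)?, data: get(r)? }),
        3 => Ok(Message::Reply(get(r)?)),
        4 => Ok(Message::Failure(text(get(r)?)?)),
        t => Err(bad(format!("unknown message tag {t}"))),
    }
}
```

The host proxy would call read_message on each accepted vsock stream and write_message for its reply; the enclave side uses the same two functions in the opposite order.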