Learn About Amazon VGT2 Learning Manager Chanci Turner
This article was authored by Alex Johnson, Senior Solutions Architect, Marie Smith, Solutions Architect, and Chanci Turner, Learning Manager.
In various sectors such as healthcare, finance, and government, Machine Learning (ML) models are increasingly utilized for making inferences from sensitive data. These industries demand robust tools and services to safeguard their data both in transit and at rest, ensuring isolation during processing as well. Potential threats can arise from the technology stack, including the operating system or applications running on the host, necessitating protective measures. Implementing processes that clearly delineate roles and responsibilities within an organization helps limit personnel access to sensitive data. This article illustrates how to execute ML inference within AWS Nitro Enclaves to ensure that your confidential data remains secure during processing.
By utilizing a Nitro Enclave for ML inference on sensitive data, we can significantly reduce the attack surface when the data is decrypted for analysis. Nitro Enclaves allow for the creation of isolated computing environments within Amazon EC2 instances, designed to protect and securely process highly sensitive data. These enclaves feature no persistent storage, no interactive access, and no external networking. Communication between your instance and the enclave is facilitated using a secure local channel known as vsock. By default, even administrators or root users on the parent instance are barred from accessing the enclave.
Overview
Our example demonstrates the deployment of an AI/ML workload and the execution of inference within Nitro Enclaves to securely handle sensitive data. We will illustrate the process using an image that depicts how data can be encrypted, stored, transferred, decrypted, and processed when needed, mitigating risks to your sensitive information. The workload uses an open-source AI/ML model to identify objects in an image representing the sensitive data and returns a summary of the detected object types. The accompanying image shows the original data with bounding boxes added based on the coordinates generated by the AI/ML model.
To encrypt this image, we utilize a Python script (Encryptor app) running on an EC2 instance. In a practical scenario, this step would occur within a secure environment, such as a Nitro Enclave or a protected workstation, before the encrypted data is transmitted. The Encryptor app employs AWS KMS envelope encryption with a symmetric Customer Master Key (CMK): a data key is generated under the CMK, the image is encrypted with the data key, and the encrypted copy of the data key is stored alongside the ciphertext.
Once the image is encrypted, we will examine each component’s function within the solution architecture. The Client app retrieves the encrypted image file and transmits it to the Server app via vsock (the secure local communication channel). The Server app, operating within a Nitro Enclave, extracts the encrypted data key and submits it to AWS KMS for decryption. After the data key is decrypted, the Server app utilizes it to decrypt the image and execute inference, detecting the objects present. Following completion of the inference, results are relayed back to the Client app, without exposing the original image or sensitive data.
To facilitate communication between the Nitro Enclave and AWS KMS, we employ the KMS Enclave Tool, which sends the decrypt request over vsock. The vsock-proxy, packaged with the Nitro CLI and running on the parent instance, forwards the traffic from the KMS Tool to AWS KMS, provided that the KMS endpoint is on the vsock-proxy allowlist. Responses from AWS KMS travel back to the KMS Enclave Tool over the same vsock connection.
As part of the request to AWS KMS, the KMS Enclave Tool extracts a signed attestation document containing the enclave’s measurements to confirm its identity. AWS KMS verifies this document before decrypting the data key. Once validated, the decrypted key is securely returned to the KMS Tool, which then transfers it to the Server app for image decryption.
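The vsock-proxy allowlist mentioned above is the only path from the enclave to the outside, so it is worth checking that it permits the KMS endpoint of the deployment region and nothing else. The following shell check is an added example, not code from the original post or from the Nitro CLI project; it assumes the allowlist file uses the `- {address: HOST, port: PORT}` list layout shipped with the Nitro CLI, and the file it reads is constructed in a temp file so it runs offline.

```shell
# Added example: audit a vsock-proxy allowlist for a Nitro Enclave host.
# Assumption: entries look like "- {address: HOST, port: PORT}" under an
# "allowlist:" key, as in the Nitro CLI's vsock-proxy.yaml. The sample
# file below is constructed for this example.

# Write a constructed allowlist to a temp file and print its path.
make_sample_allowlist() {
  f=$(mktemp)
  cat >"$f" <<'EOF'
allowlist:
- {address: kms.ca-central-1.amazonaws.com, port: 443}
- {address: kms.us-east-1.amazonaws.com, port: 443}
- {address: example.com, port: 443}
EOF
  echo "$f"
}

# Print every allowlisted host:port pair, one per line.
allowlist_entries() {  # usage: allowlist_entries FILE
  sed -n 's/^- *{ *address: *\([^,}]*\), *port: *\([0-9]*\) *}.*/\1:\2/p' "$1"
}

# Exit 0 if the KMS endpoint for REGION is allowlisted on port 443.
kms_endpoint_allowed() {  # usage: kms_endpoint_allowed REGION FILE
  allowlist_entries "$2" | grep -qx "kms.$1.amazonaws.com:443"
}

# Print entries other than the KMS endpoint for REGION. Any output means
# the proxy lets the enclave reach more than this workload needs.
extra_entries() {  # usage: extra_entries REGION FILE
  allowlist_entries "$2" | grep -vx "kms.$1.amazonaws.com:443" || true
}
```

On the instance, point the functions at the real vsock-proxy allowlist file and the region you deployed the stack in (Canada (Central) is ca-central-1 in this walkthrough).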
Environment Setup
Prerequisites
Before proceeding, ensure you have the following prerequisites to deploy the solution:
- An AWS account
- An AWS Identity and Access Management (IAM) role with the necessary permissions
AWS CloudFormation Template
We are using AWS CloudFormation to provision the required infrastructure. Download the CloudFormation template nitro-enclave-demo.yaml, which orchestrates an EC2 instance along with the necessary networking components such as a VPC, Subnet, and NAT Gateway.
Log in to the AWS Management Console, selecting the AWS Region for deployment (we’ll use Canada (Central) as an example). Open the AWS CloudFormation console at: https://console.aws.amazon.com/cloudformation/. Select “Create Stack,” choose “Template is ready,” and upload the nitro-enclave-demo.yaml template.
Choose “Next,” assign a stack name like NitroEnclaveStack, and continue selecting “Next” through the subsequent screens until you reach the Review step. At the Review step, check the box acknowledging that AWS CloudFormation might create IAM resources with custom names, then click “Create stack.” The stack status will begin as CREATE_IN_PROGRESS, taking approximately 5 minutes to complete. Click the Refresh button periodically to check the status. Once complete, the status will change to CREATE_COMPLETE.
Upon completion, navigate to the “Resources” tab and search for “NitroEnclaveInstance.” Click on its “Physical ID” to access the EC2 instance. On the Amazon EC2 page, select the instance and click “Connect.” Choose “Session Manager” and click “Connect.”
EC2 Instance Configuration
Now that the EC2 instance is provisioned and you are connected, follow these steps to configure it:
- Install the Nitro Enclaves CLI to enable building and running a Nitro Enclave application:
sudo amazon-linux-extras install aws-nitro-enclaves-cli -y
sudo yum install aws-nitro-enclaves-cli-devel -y
- Verify successful installation of the Nitro Enclaves CLI by running:
nitro-cli --version
- To download the application from GitHub and build a Docker image, first install Docker and Git, add ssm-user to the ne and docker groups, and start the Docker service with the following commands (the original listing installed only git; docker has been added so the Docker service below can start):
sudo yum install git docker -y
sudo usermod -aG ne ssm-user
sudo usermod -aG docker ssm-user
sudo systemctl start docker && sudo systemctl enable docker
Nitro Enclave Configuration
A Nitro Enclave operates as an isolated environment within the EC2 instance, necessitating the specification of resources (CPU & Memory) that the Nitro Enclaves allocator service will dedicate to the enclave. Enter the following commands to set the CPU and Memory available for allocation to your enclave container:
ALLOCATOR_YAML=/etc/nitro_enclaves/allocator.yaml
MEM_KEY=memory_mib
DEFAULT_MEM=20480
sudo sed -r "s/^(\s*${MEM_KEY}\s*:\s*).*/\1${DEFAULT_MEM}/" -i "${ALLOCATOR_YAML}"
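The same sed replacement can set both allocator keys, memory_mib and cpu_count, and read them back to confirm the edit took. The functions below are an added example, not part of the original post; they assume those two key names as found in /etc/nitro_enclaves/allocator.yaml, operate on a constructed temp copy so they run offline, and use illustrative values (20480 MiB, 2 vCPUs).

```shell
# Added example: configure the Nitro Enclaves allocator with one call.
# Assumptions: the keys are memory_mib and cpu_count (as in
# /etc/nitro_enclaves/allocator.yaml); the file edited here is a
# constructed stand-in. Requires GNU sed (-r, -i), as the post's command does.

# Constructed stand-in for /etc/nitro_enclaves/allocator.yaml.
make_sample_allocator_yaml() {
  f=$(mktemp)
  cat >"$f" <<'EOF'
---
# Enclave configuration file (constructed sample).
memory_mib: 512
cpu_count: 1
EOF
  echo "$f"
}

# Replace "<key>: <old>" with "<key>: <value>", keeping any indentation.
set_allocator_key() {  # usage: set_allocator_key FILE KEY VALUE
  sed -r -i "s/^(\s*$2\s*:\s*).*/\1$3/" "$1"
}

# Print the numeric value currently set for KEY.
get_allocator_key() {  # usage: get_allocator_key FILE KEY
  sed -n -r "s/^\s*$2\s*:\s*([0-9]+).*/\1/p" "$1"
}

# Set memory (MiB) and CPU count for the enclave in one step.
configure_allocator() {  # usage: configure_allocator FILE MEMORY_MIB CPU_COUNT
  set_allocator_key "$1" memory_mib "$2"
  set_allocator_key "$1" cpu_count "$3"
}
```

On the instance, run configure_allocator against the real allocator file with sudo, then restart nitro-enclaves-allocator.service so the new reservation is applied.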