It is possible to run multiple programs in an enclave. But the question to ask is, why would you want to do that if you want isolation between those multiple programs to begin with? Package each program into a separate enclave if you want that isolation between them. Most importantly, run only trusted pieces of software inside the enclave; this is not a sandboxing solution.
To answer your question, yes, it IS possible to run multiple programs inside of a Nitro Enclave. You'll need to provide customization to navigate the VSOCK for networking/storage considerations. Ideally, with a DIY approach you'd want to use separate enclaves for each component that you want to isolate. If you're looking to run a full container/application with multiple components, you might want to look into some third-party solutions, since DIY for OSS/large apps can be a heavy lift.
I know some people who successfully run podman inside an enclave and execute docker-compose or kube-play files.