Amazon KMS condition keys for Amazon Nitro Enclaves
Amazon Nitro Enclaves is an Amazon EC2 capability that lets you create isolated compute environments called enclaves to protect and process highly sensitive data. Amazon KMS provides condition keys to support Amazon Nitro Enclaves. These condition keys work only when a request for an Amazon KMS operation originates in an enclave.
When you call the kms-decrypt, kms-generate-data-key, or kms-generate-random Amazon Nitro Enclaves SDK APIs from an enclave, these APIs call the corresponding Amazon KMS operation with a parameter that includes a signed attestation document from the enclave. The signed attestation document proves the enclave's identity to Amazon KMS.
The following condition keys let you limit the permissions for these operations based on the contents of the signed attestation document. Before allowing an operation, Amazon KMS compares the attestation document from the enclave to the values in these Amazon KMS condition keys.
kms:RecipientAttestation:ImageSha384
Amazon KMS Condition Keys | Condition Type | Value type | API Operations | Policy Type |
---|---|---|---|---|
kms:RecipientAttestation:ImageSha384 | String | Single-valued | Decrypt, GenerateDataKey, GenerateRandom | Key policies and IAM policies |
The kms:RecipientAttestation:ImageSha384 condition key allows kms-decrypt, kms-generate-data-key, and kms-generate-random requests from an enclave only when the image hash from the signed attestation document in the request matches the value in the condition key. The ImageSha384 value corresponds to PCR[0] in the attestation document. This condition key is effective only when you call the Amazon Nitro Enclaves SDK APIs from an enclave.
This condition key is valid in key policy statements and IAM policy statements even though it does not appear in the IAM console or the IAM Service Authorization Reference.
For example, the following key policy statement allows the data-processing role to use the KMS key for the kms-decrypt (Decrypt), kms-generate-data-key (GenerateDataKey), and kms-generate-random (GenerateRandom) operations. The kms:RecipientAttestation:ImageSha384 condition key allows the operations only when the image hash value (PCR[0]) of the attestation document in the request matches the image hash value in the condition.
If the request doesn't include any attestation document, permission is denied because this condition isn't satisfied.
```json
{
  "Sid": "Enable enclave data processing",
  "Effect": "Allow",
  "Principal": {
    "AWS": "arn:aws:iam::111122223333:role/data-processing"
  },
  "Action": [
    "kms:Decrypt",
    "kms:GenerateDataKey",
    "kms:GenerateRandom"
  ],
  "Resource": "*",
  "Condition": {
    "StringEqualsIgnoreCase": {
      "kms:RecipientAttestation:ImageSha384": "9fedcba8abcdef7abcdef6abcdef5abcdef4abcdef3abcdef2abcdef1abcdef1abcdef0abcdef1abcdef2abcdef3abcdef4abcdef5abcdef6abcdef7abcdef99"
    }
  }
}
```
kms:RecipientAttestation:PCR<PCR_ID>
Amazon KMS Condition Keys | Condition Type | Value type | API Operations | Policy Type |
---|---|---|---|---|
kms:RecipientAttestation:PCR<PCR_ID> | String | Single-valued | Decrypt, GenerateDataKey, GenerateRandom | Key policies and IAM policies |
The kms:RecipientAttestation:PCR<PCR_ID> condition key allows kms-decrypt, kms-generate-data-key, and kms-generate-random requests from an enclave only when the platform configuration registers (PCRs) from the signed attestation document in the request match the PCRs in the condition key. This condition key is effective only when you call the Amazon Nitro Enclaves SDK APIs from an enclave.
This condition key is valid in key policy statements and IAM policy statements even though it does not appear in the IAM console or the IAM Service Authorization Reference.
To specify a PCR value, use the following format. Concatenate the PCR ID to the condition key name. The PCR value must be a lower-case hexadecimal string of up to 96 bytes.

"kms:RecipientAttestation:PCR<PCR_ID>": "<PCR_value>"
For example, the following condition key specifies a particular value for PCR[1], which corresponds to the hash of the kernel used for the enclave and the bootstrap process.
"kms:RecipientAttestation:PCR1": "0x1abcdef2abcdef3abcdef4abcdef5abcdef6abcdef7abcdef8abcdef9abcdef8abcdef7abcdef6abcdef5abcdef4abcdef3abcdef2abcdef1abcdef0abcde"
The following example key policy statement allows the data-processing role to use the KMS key for the kms-decrypt (Decrypt) operation. The kms:RecipientAttestation:PCR1 condition key in this statement allows the operation only when the PCR1 value in the signed attestation document in the request matches the kms:RecipientAttestation:PCR1 value in the condition. Use the StringEqualsIgnoreCase policy operator to require a case-insensitive comparison of the PCR values.
If the request doesn't include an attestation document, permission is denied because this condition isn't satisfied.
```json
{
  "Sid": "Enable enclave data processing",
  "Effect": "Allow",
  "Principal": {
    "AWS": "arn:aws:iam::111122223333:role/data-processing"
  },
  "Action": "kms:Decrypt",
  "Resource": "*",
  "Condition": {
    "StringEqualsIgnoreCase": {
      "kms:RecipientAttestation:PCR1": "0x1de4f2dcf774f6e3b679f62e5f120065b2e408dcea327bd1c9dddaea6664e7af7935581474844767453082c6f1586116376cede396a30a39a611b9aad7966c87"
    }
  }
}
```
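The two statements above (the ImageSha384 condition and the PCR1 condition) are evaluated by Amazon KMS against the PCRs carried in the signed attestation document. The following Python script is an added example, not AWS code and not part of this page, that models that evaluation locally so you can check a candidate key policy statement against the PCR values you expect before deploying it: it maps ImageSha384 to PCR0, handles the PCR<PCR_ID> naming, applies StringEquals versus StringEqualsIgnoreCase, and returns a deny when the request carries no attestation document at all. The PCR values, the assumption that a leading 0x on a value is ignored, and the limitation to exact action names (no wildcards) are constructed for the example; KMS itself also verifies the attestation document's signature, which this model takes as already done.

```python
"""Local model of how a key policy statement's kms:RecipientAttestation
conditions are evaluated against an enclave attestation document's PCRs.

Added example; not AWS KMS code. Signature verification of the attestation
document is assumed to have already happened upstream.
"""
import json
import re

_IMAGE_SHA384_KEY = "kms:RecipientAttestation:ImageSha384"
_PCR_KEY = re.compile(r"^kms:RecipientAttestation:PCR(\d+)$")

# Constructed sample PCRs from a hypothetical attestation document:
# 96 hex characters = 48 bytes, i.e. one SHA-384 digest per register.
SAMPLE_PCRS = {
    0: "9fedcba8" * 12,
    1: "1abcdef2" * 12,
    2: "0" * 96,
}

# Constructed statements mirroring the two on the page (values are not real).
IMAGE_STATEMENT = {
    "Sid": "Enable enclave data processing",
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:role/data-processing"},
    "Action": ["kms:Decrypt", "kms:GenerateDataKey", "kms:GenerateRandom"],
    "Resource": "*",
    "Condition": {"StringEqualsIgnoreCase": {_IMAGE_SHA384_KEY: "9FEDCBA8" * 12}},
}
PCR1_STATEMENT = {
    "Sid": "Enable enclave data processing",
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:role/data-processing"},
    "Action": "kms:Decrypt",
    "Resource": "*",
    "Condition": {"StringEqualsIgnoreCase": {"kms:RecipientAttestation:PCR1": "0x" + "1ABCDEF2" * 12}},
}


def _pcr_index(condition_key):
    """Return the PCR register a condition key constrains, or None if the
    key is not a RecipientAttestation PCR key. ImageSha384 is PCR[0]."""
    if condition_key == _IMAGE_SHA384_KEY:
        return 0
    m = _PCR_KEY.match(condition_key)
    return int(m.group(1)) if m else None


def _strip_0x(value):
    # Assumption for this model: an optional 0x prefix is not part of the hash.
    return value[2:] if value[:2].lower() == "0x" else value


def attestation_conditions_satisfied(statement, attestation_pcrs):
    """True if every RecipientAttestation condition in `statement` matches
    `attestation_pcrs` ({pcr_index: hex string}). `None` means the request
    carried no attestation document, so any such condition fails."""
    for operator, pairs in statement.get("Condition", {}).items():
        if operator not in ("StringEquals", "StringEqualsIgnoreCase"):
            continue  # other operators are outside this model's scope
        for key, expected in pairs.items():
            idx = _pcr_index(key)
            if idx is None:
                continue  # not an attestation key; ignored here
            if attestation_pcrs is None or idx not in attestation_pcrs:
                return False
            actual = _strip_0x(attestation_pcrs[idx])
            # IAM allows a list of acceptable values; match any of them.
            wanted = [expected] if isinstance(expected, str) else list(expected)
            wanted = [_strip_0x(w) for w in wanted]
            if operator == "StringEqualsIgnoreCase":
                actual, wanted = actual.lower(), [w.lower() for w in wanted]
            if actual not in wanted:
                return False
    return True


def statement_allows(statement, action, attestation_pcrs):
    """Does this single Allow statement grant `action` for a request whose
    attestation document carries `attestation_pcrs`? Exact action names only."""
    if statement.get("Effect") != "Allow":
        return False
    actions = statement.get("Action", [])
    if isinstance(actions, str):
        actions = [actions]
    if action not in actions:
        return False
    return attestation_conditions_satisfied(statement, attestation_pcrs)


if __name__ == "__main__":
    for name, stmt in (("ImageSha384", IMAGE_STATEMENT), ("PCR1", PCR1_STATEMENT)):
        print(name, "with attestation:", statement_allows(stmt, "kms:Decrypt", SAMPLE_PCRS))
        print(name, "without attestation:", statement_allows(stmt, "kms:Decrypt", None))
    print(json.dumps(PCR1_STATEMENT["Condition"], indent=2))
```

Run it as a script to see both statements allow Decrypt with the matching sample PCRs and deny when no attestation document is supplied; the functions can also be imported to check your own candidate statement against the measurements you expect for your enclave image.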