Description
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue, please leave a comment
Tell us about your request
What do you want us to build?
Support for AWS KMS client with Nitro Enclaves.
Currently, this is possible in the AWS Nitro Enclaves C SDK (aws_nitro_enclaves_kms_client_new): https://github.com/aws/aws-nitro-enclaves-sdk-c/blob/main/include/aws/nitro_enclaves/kms.h
It'd be good to have a plain Rust version in the AWS Rust SDK.
Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?
What outcome are you trying to achieve, ultimately, and why is it hard/impossible to do right now? What is the impact of not having this problem solved? The more details you can provide, the better we'll be able to understand and solve the problem.
Trying to call AWS KMS API with additional attestation payload produced in AWS Nitro Enclaves.
Right now, the AWS KMS API requests need to be sent via vsock, because Nitro Enclaves don't allow other forms of I/O.
Building the AWS NE C SDK is rather complex (in comparison to plain Rust projects): https://github.com/aws/aws-nitro-enclaves-sdk-c#dependencies
Are you currently working around this issue?
How are you currently solving this problem?
Using the C SDK: https://github.com/aws/aws-nitro-enclaves-sdk-c
and this wrapper crate: https://crates.io/crates/aws-ne-sys
Additional context
Anything else we should know?
Original issue:
rusoto/rusoto#1858
Attachments
If you think you might have additional information that you'd like to include via an attachment, please do - we'll take a look. (Remember to remove any personally-identifiable information.)