Nitrogen - a tool for deploying web services to AWS Nitro Enclaves

Overview

Nitrogen is a tool for deploying web services to AWS Nitro Enclaves. Given a Dockerfile and an SSH key, Nitrogen will spin up an EC2 instance, configure the network, and build and deploy your web service. You get back a hostname that’s ready to go. Nitrogen is fully open source and comes with pre-built scripts for deploying popular services like Nginx, Redis, and MongoDB.

Install

Nitrogen can easily be installed with the following:

For Linux or Mac:

$ curl -fsSL https://raw.githubusercontent.com/capeprivacy/nitrogen/main/install.sh | sh

For Windows PowerShell:

$ iex (irm https://raw.githubusercontent.com/capeprivacy/nitrogen/main/install.ps1)

Note: An AWS account is required. If you have the AWS CLI configured, you can retrieve your credentials with cat ~/.aws/credentials. See Troubleshooting if your AWS account uses MFA.

export AWS_ACCESS_KEY_ID=<YOUR ACCESS KEY>
export AWS_SECRET_ACCESS_KEY=<YOUR SECRET>

Commands

  • nitrogen setup
  • nitrogen build
  • nitrogen deploy
  • nitrogen logs
  • nitrogen delete

Features

  • Spins up any enclave-supported EC2 instance type (with Nitro Enclaves enabled).
  • Creates a security group for a specified port.
  • Sets up SSH.
  • Runs a socat proxy from the public internet (TCP) into the Nitro Enclave (VSOCK).
  • Builds any Dockerfile into an Enclave Image File (EIF).
  • Deploys any EIF and launches a Nitro Enclave.

Examples

Nginx Example

$ nitrogen setup nitrogen-test ~/.ssh/id_rsa.pub --instance-type m5n.16xlarge
>  INFO nitrogen: Spinning up enclave instance 'nitrogen-test'.
>  INFO nitrogen::commands::setup: Successfully created enclave instance. stack_id="arn:aws:cloudformation:us-east-1:657861442343:stack/nitrogen-test/c93c7c80-5581-11ed-8a2b-0e2f3ffeccf1"
>  INFO nitrogen: User enclave information: name="nitrogen-test" instance_id="i-07daa284594ff02bc" public_ip="44.197.181.14" availability_zone="us-east-1b" public_dns="ec2-44-197-181-14.compute-1.amazonaws.com"
$ nitrogen build examples/nginx/
> Filename: nitrogen.eif
$ nitrogen deploy nitrogen-test ~/.ssh/id_rsa
> EIF is now running public_dns="ec2-1-234-56-789.compute-1.amazonaws.com:5000"
$ curl http://ec2-1-234-56-789.compute-1.amazonaws.com:5000/
> <!DOCTYPE html>
<html>
    <head>
        <title>Hello Nitrogen!</title>
    </head>
</html>

Nginx TLS Examples

See here.

Troubleshooting

If you have permissions issues and your AWS account has MFA enabled, try using a session token before running setup.

aws sts get-session-token --serial-number arn:aws:iam::<YOUR ACCOUNT ID>:mfa/<YOUR MFA DEVICE NAME> --token-code <YOUR MFA CODE>

Export the values printed from the above command:

export AWS_ACCESS_KEY_ID=<AccessKeyId>
export AWS_SECRET_ACCESS_KEY=<SecretAccessKey>
export AWS_SESSION_TOKEN=<SessionToken>
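
The same two steps without copying secrets by hand, as an added example (not part of the Nitrogen repository and not its sts.sh). The function name load_session_creds is hypothetical and the sample line is constructed; it refuses anything that is not a temporary (ASIA-prefixed) key so long-term keys are never exported by mistake.

```shell
# Added example. Reads one tab-separated line on stdin:
#   AccessKeyId <TAB> SecretAccessKey <TAB> SessionToken
# which is what this AWS CLI call prints:
#   aws sts get-session-token --serial-number "$MFA_ARN" --token-code "$CODE" \
#     --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' --output text
# Feed it with a here-document, not a pipe: a pipe runs the function in a
# subshell and the exported variables would be lost.
load_session_creds() {
    IFS="$(printf '\t')" read -r _key _secret _token _extra || true
    _rc=0
    # Validate before touching the environment, so a failed call changes nothing.
    if [ -z "$_key" ] || [ -z "$_secret" ] || [ -z "$_token" ] || [ -n "$_extra" ]; then
        echo "load_session_creds: expected exactly three tab-separated fields" >&2
        _rc=1
    else
        case "$_key" in
            ASIA*)  # temporary STS keys start with ASIA, long-term keys with AKIA
                export AWS_ACCESS_KEY_ID="$_key"
                export AWS_SECRET_ACCESS_KEY="$_secret"
                export AWS_SESSION_TOKEN="$_token"
                ;;
            *)
                echo "load_session_creds: not a temporary access key" >&2
                _rc=1
                ;;
        esac
    fi
    # Do not leave the secret sitting in scratch variables.
    unset _key _secret _token _extra
    return "$_rc"
}

# Constructed sample line (not real credentials) standing in for the CLI output.
load_session_creds <<EOF
$(printf 'ASIAEXAMPLEEXAMPLE\tconstructedSecret\tconstructedToken')
EOF
echo "loaded temporary key: $AWS_ACCESS_KEY_ID"
```

In real use, replace the printf inside the here-document with the aws sts get-session-token call shown in the comment.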

You can also use a helper script in this library called sts.sh. Warning: this will unset any AWS environment variables related to auth that you have already set in your shell.

. sts.sh   

If you wish to deploy the enclave in debug mode, use the "--debug-mode" flag during deploy. You can then log into the instance and view the enclave console, or use the nitrogen logs command.

Contributors

Thank you to @kalebpace for contributing the name for the nitrogen crate.

Comments
  • Support for arm architecture during releasing

    The tool we're using for releasing binaries doesn't support arm architecture on windows, linux or macos. We'll have to build up our own custom actions to build and then upload them to the release. We should be able to learn a few things from the action we're already using: https://github.com/rust-build/rust-build.action

    opened by justin1121 3
  • Add ability to turn on debug mode on the enclave

    There's a flag in nitro-cli that enables the enclave to be debugged. We should add a flag to nitrogen to enable this. The flag is --debug-mode. Along with this we should consider adding tips on how to debug enclaves.

    opened by justin1121 1
  • Fix Dockerfile inference in nitrogen::build

    Fixes the nitrogen::build command to look for the Dockerfile in the provided dockerfile_dir argument. Also adds a few slightly better log/error messages elsewhere

    opened by jvmncs 0
  • pull utility functions into a common module

    we've started using the cloudformation helpers from setup in a few different places, and I could see this continuing in the future for other commands (e.g. w/ #26). it might be more maintainable to pull out cloudformation utilities (and maybe even the various ssh commands) into a shared module

    opened by jvmncs 1
Releases(v0.2.4)
Owner
Cape Privacy
Confidential Computing by Default