
AWS Custom Made!

Hosted By
Niv Y.
Details

There's generic hardware, and then there is AWS custom-made hardware, designed specifically for running workloads on AWS.
Join us to hear about the differences, the nuances, and tips for getting the most out of it.

18:00 - 18:30 - Gathering
18:30 - 19:00 - Running AWS Nitro Enclaves on Kubernetes: A Scalable Approach to Securing Sensitive Workloads
19:00 - 19:30 - TBD
19:30 - 20:00 - Mingling
-----------------

Running AWS Nitro Enclaves on Kubernetes: A Scalable Approach to Securing Sensitive Workloads

AWS Nitro Enclaves are a powerful tool to create isolated compute environments, making it possible to protect highly sensitive data within EC2 instances.
While Kubernetes has become the de facto standard for container orchestration, integrating enclaves into this ecosystem presents a unique set of challenges - the same isolation that makes enclaves secure also makes them difficult to manage.
How does Kubernetes handle workloads it can’t communicate with? How can it track enclave resources or manage their lifecycle effectively?
In this talk, we’ll explain how we used existing Kubernetes features such as Extended Resources, Probes and Taints/Tolerations to address these challenges. Our approach allows regular Kubernetes Pods to create and manage Nitro Enclaves as part of their lifecycle. This enabled us to run sensitive production workloads securely and at scale, without introducing custom tooling or overengineering the solution.
We’ll share the practical insights we gained throughout this journey, and how these lessons can be applied in real-world environments.

By
Boris Avney - Senior DevOps Engineer, Fireblocks
Roey Ashkenazy - Senior DevOps Engineer, Fireblocks

Israel AWS User Group
Fireblocks
8 Yitzhak Sadeh Street · Tel Aviv
FREE