aws/aws-nitro-enclaves-cli

Can I connect to dynamodb ?

PabasaraDilshan opened this issue · 6 comments

I need to connect to dynamodb from the enclave to get and save data from the db. How can I do that?

Xavina commented

Hi @PabasaraDilshan,

I need the same.

What I did was add an entry in /etc/nitro_enclaves/vsock-proxy.yaml, like this:

- {address: dynamodb.eu-central-1.amazonaws.com, port: 443}

Then I restarted the vsock-proxy, but I didn't have much luck. Maybe I did it in a wrong way. Have you tried that?

Thanks

Hi @Xavina,

I just wrote a service on the parent instance that connects to the enclave via vsock and gets and saves data to DynamoDB.

Xavina commented

Hi @PabasaraDilshan,

Yes, we did the same: a process on the EC2 host that communicates with the enclave through the vsock to send the encrypted data; the enclave then decrypts it and returns the decrypted data to be stored in DynamoDB by the host.

We tried to communicate with DynamoDB from the enclave, but it looks like that is not possible at all; I guess it makes sense by design.

Thanks!
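The host-side pattern described in this thread (a process on the parent instance that the enclave reaches over vsock, with the host doing the DynamoDB calls) written out as an added example. This is not code from aws-nitro-enclaves-cli or from the thread's participants. The security property worth keeping is that the enclave never holds AWS credentials and the host only executes a short allow-list of operations against named tables; everything else is rejected. Assumed values: vsock port 5000 for the broker, the table name `EnclaveRecords`, and the `pk` key attribute; `MemoryTable` is a constructed stand-in for a boto3 `Table` so the exchange can be run offline over a socketpair.

```python
"""Parent-instance broker: enclave <-vsock-> this service <-HTTPS-> DynamoDB.

Added example (not project code). Framing is a 4-byte big-endian length
prefix followed by UTF-8 JSON; the host validates each request against an
allow-list of tables and operations before touching DynamoDB.
"""
import json
import socket
import struct

VSOCK_PORT = 5000          # assumed vsock port the enclave connects to
MAX_FRAME = 64 * 1024      # reject oversized frames before allocating


def encode_frame(obj: dict) -> bytes:
    body = json.dumps(obj, separators=(",", ":")).encode()
    return struct.pack("!I", len(body)) + body


def read_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed")
        buf += chunk
    return buf


def decode_frame(sock) -> dict:
    (length,) = struct.unpack("!I", read_exact(sock, 4))
    if length > MAX_FRAME:
        raise ValueError("frame too large")
    return json.loads(read_exact(sock, length))


class MemoryTable:
    """Constructed stand-in exposing the two boto3 Table calls used below."""
    def __init__(self):
        self.items = {}

    def put_item(self, Item):
        self.items[Item["pk"]] = Item

    def get_item(self, Key):
        item = self.items.get(Key["pk"])
        return {"Item": item} if item is not None else {}


def handle_request(req: dict, tables: dict) -> dict:
    """Dispatch one request; `tables` maps allow-listed names to Table objects."""
    table = tables.get(req.get("table"))
    if table is None:
        return {"ok": False, "error": "table not allowed"}
    op = req.get("op")
    if op == "get":
        key = req.get("key")
        if not isinstance(key, dict) or "pk" not in key:
            return {"ok": False, "error": "bad key"}
        return {"ok": True, "item": table.get_item(Key=key).get("Item")}
    if op == "put":
        item = req.get("item")
        if not isinstance(item, dict) or "pk" not in item:
            return {"ok": False, "error": "bad item"}
        table.put_item(Item=item)
        return {"ok": True}
    return {"ok": False, "error": "unsupported op"}


def serve_connection(conn, tables: dict) -> None:
    """Answer frames until the enclave closes; drop the connection on bad input."""
    try:
        while True:
            conn.sendall(encode_frame(handle_request(decode_frame(conn), tables)))
    except (ConnectionError, ValueError, json.JSONDecodeError):
        pass
    finally:
        conn.close()


def loopback_demo() -> list:
    """Run put/get/denied requests over a socketpair standing in for vsock."""
    tables = {"EnclaveRecords": MemoryTable()}          # constructed table name
    enclave_side, host_side = socket.socketpair()
    for req in ({"op": "put", "table": "EnclaveRecords", "item": {"pk": "user-1", "balance": 42}},
                {"op": "get", "table": "EnclaveRecords", "key": {"pk": "user-1"}},
                {"op": "get", "table": "Secrets", "key": {"pk": "x"}}):   # not allow-listed
        enclave_side.sendall(encode_frame(req))
    enclave_side.shutdown(socket.SHUT_WR)               # EOF ends serve_connection
    serve_connection(host_side, tables)
    replies = [decode_frame(enclave_side) for _ in range(3)]
    enclave_side.close()
    return replies


def main() -> None:
    import boto3   # only on the real parent instance, which uses its own IAM role
    tables = {"EnclaveRecords": boto3.resource("dynamodb", region_name="eu-central-1").Table("EnclaveRecords")}
    srv = socket.socket(socket.AF_VSOCK, socket.SOCK_STREAM)
    srv.bind((socket.VMADDR_CID_ANY, VSOCK_PORT))
    srv.listen(4)
    while True:
        conn, _ = srv.accept()
        serve_connection(conn, tables)


if __name__ == "__main__":
    print(loopback_demo())
```

Inside the enclave the client connects to `(3, 5000)` over `AF_VSOCK` (the parent is always CID 3) and uses the same framing. Keep the allow-list on the host side narrow: the host is outside the enclave's trust boundary, so anything it is willing to do on the enclave's behalf is something a compromised host can also do.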

Hi @Xavina, hi @PabasaraDilshan,

The enclave can communicate directly with any AWS service using the provided vsock-proxy.
In this example I'm using viproxy to tunnel out the HTTPS connection required to reach AWS DynamoDB:
https://github.com/aws-samples/nitro-enclave-blockchain-wallet-on-eks/blob/main/applications/ethereum-signer/cmd/key-generator_enclave/run.sh#L13-L19

Please let me know if that example helps.

Cheers

Hi @dpdornseifer!!!

Super thanks for the sample, I'll give it a try!!!

Thanks!

Perfect @Xavina, let me know if you are facing any issues.

Cheers