vincentarthur/privacy-computing-tee-on-eks

Background

This repository focuses on using Nitro Enclaves (Trust Execution Environment) of Amazon Web Services to implement privacy data computing and collaboration.

Below cloud services from Amazon Web Services will be involved:

• Amazon EKS
• AWS Nitro Enclaves
• AWS KMS
• AWS VPC
• IAM
• AWS ECR
• CDK (deployment toolkit)

In this repo, it will be split into below sections:

• Prerequisites
• EKS Deployment
• Hello World App demo
• Nitro Enclave and KMS Integration Demo
• Medical Image Diagnosis Demo
  • Single AWS Account
  • Multiple AWS Account

Please follow below sections to start and experience.

---

Prerequisites

• 01. Create IAM Role for Workshop Deployment
• 02. Cloud9 Environment creation
• 03. Cloud9 IAM modification
• 04. Cloud9 Environment Setup
• 05. Checkout Source Code

EKS Preparation

• 01. IRSA Creation
• 02. Deployment Configure Update
• 03, Deploy EKS

Simple Examples

• 01. Hello World
• 02. KMS Integration
• 03. Clean Up

[Single AWS Account] Medical Image Diagnosis

• 01. Base Image Creation
• 02. Create KMS Key for Model
• 03. Build Server App
• 04. Build Client App
• 05. Manual Trigger

[Multiple AWS Accounts] Medical Image Diagnosis

• 01. ECR Replication Setup
• 02. Data Owner Setup IRSA
• 03. Data Owner Creates Data KMS Key
• 04. Tech Provider Creates Model KMS Key
• 05. Tech Provider Builds Server app
• 06. Data Owner Updates IAM Policy
• 07. Data Owner Builds Env
• 08. Data Owner Builds Apps
• 09. Data Owner Triggers Inference
• 10. Add PCR0 for Cryptographic Attestation

[Multiple AWS Accounts] Medical Image Diagnosis - With WebUI

• 01. ECR Replication Setup
• 02. Data Owner Setup IRSA
• 03. Data Owner Creates Data KMS Key
• 04. Tech Provider Creates Model KMS Key
• 05. Tech Provider Builds Server app
• 06. Data Owner Updates IAM Policy
• 07. Data Owner Builds Env
• 08. Data Owner Builds Apps
• 09. Data Owner Triggers Inference
• 10. Add PCR0 for Cryptographic Attestation

Summary

• Summary
• FAQ
• Cleanup