AWS re:Invent 2025 - Innovating with AWS Confidential Computing: An Integrated Approach (CMP407)

Innovating with AWS Confidential Computing: An Integrated Approach

Protecting Sensitive Data in Use

  • Confidential computing is the ability to protect data while it is being processed in memory.
  • Customers want to protect sensitive data from the cloud provider (AWS) and from themselves (their own operators).
  • Key data types that require confidential computing include:
    • Personally identifiable information (PII)
    • Protected healthcare information
    • Financial assets and digital assets
    • Sensitive intellectual property and models

AWS's Approach to Confidential Computing

Isolating from AWS Operators

  • AWS has reimagined virtualization with the Nitro system, which abstracts virtualization functions into separate hardware components.
  • This creates a natural isolation between the host and the customer instances, ensuring AWS operators have no access to customer content.
  • Nitro-based EC2 instances provide "always-on" confidential computing at no additional cost.

Isolating from Customers

  • Nitro Enclaves provide additional isolation by allowing customers to create a hardened, isolated compute environment within their EC2 instance.
  • Nitro Enclaves have no external network connectivity, no persistent storage, and no administrator/root access, ensuring data is protected even from the customer's own operators.
  • Nitro Enclaves can provide cryptographic attestation, allowing them to prove their identity and establish trust before accessing secrets.

Confidential Computing for AI Workloads

  • AI workloads introduce new requirements for confidential computing, such as the need to protect model data and weights, as well as the ability to run on GPUs and AI accelerators.
  • AWS has launched EC2 Instance Attestation, which brings the benefits of Nitro Enclaves to regular EC2 instances, including GPU and AI-enabled instances.
  • EC2 Instance Attestation includes:
    • Attestable Amazon Machine Images (AMIs) with cryptographic hashes
    • Nitro TPM-based attestation documents
    • Integration with AWS Key Management Service (KMS) for secure key management
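Both the Nitro Enclaves attestation above and the KMS integration listed here rest on the same pattern: the enclave sends its attestation document in the Recipient parameter of a KMS Decrypt call, and the KMS key policy releases the key only if the document's platform configuration registers (PCRs) match the expected measurements. The key policy below is an added illustration, not code from the talk or from AWS; the account ID, role name and PCR values are placeholders, and the condition keys shown are the Nitro Enclaves ones (whether EC2 Instance Attestation exposes the same keys is an assumption here).

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowDecryptOnlyFromAttestedEnclave",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::111122223333:role/EnclaveParentInstanceRole"
      },
      "Action": "kms:Decrypt",
      "Resource": "*",
      "Condition": {
        "StringEqualsIgnoreCase": {
          "kms:RecipientAttestation:PCR0": "PLACEHOLDER_PCR0_ENCLAVE_IMAGE_MEASUREMENT",
          "kms:RecipientAttestation:PCR3": "PLACEHOLDER_PCR3_PARENT_IAM_ROLE_MEASUREMENT"
        }
      }
    },
    {
      "Sid": "AllowKeyAdministrationOnly",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::111122223333:role/KmsKeyAdministrators"
      },
      "Action": [
        "kms:Create*",
        "kms:Describe*",
        "kms:Enable*",
        "kms:Disable*",
        "kms:Put*",
        "kms:Update*",
        "kms:Revoke*",
        "kms:ScheduleKeyDeletion",
        "kms:CancelKeyDeletion"
      ],
      "Resource": "*"
    }
  ]
}
```

The Condition block is what separates this from an ordinary key policy: without it, any process on the parent instance that holds the role could call Decrypt, whereas with it KMS refuses any request that does not carry a valid attestation document whose PCR0 and PCR3 match, and returns the plaintext only as CiphertextForRecipient, encrypted to the enclave's ephemeral public key.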

Real-World Use Cases

  • Customers across various industries have successfully leveraged confidential computing capabilities, including:
    • Ad tech
    • Financial services
    • Web3 and crypto
    • Privileged access management
  • Specific examples include:
    • Visa and Mastercard using confidential computing for real-time payments
    • Coinbase using Nitro Enclaves for secure wallets
    • Fireblocks and Stripe implementing custody solutions and key management with confidential computing

Key Takeaways

  • AWS has made significant investments to provide "always-on" confidential computing on EC2 instances, isolating customer data from both AWS operators and the customers' own operators.
  • Nitro Enclaves and EC2 Instance Attestation provide flexible, high-performance, and cryptographically attested isolated compute environments for a wide range of sensitive workloads.
  • Confidential computing capabilities are available across all EC2 instance types, including GPU and AI-accelerated instances, enabling advanced use cases like confidential inferencing and federated learning.
  • AWS provides comprehensive resources, workshops, and customer examples to help developers and enterprises leverage confidential computing for their critical applications.
