Can I connect to dynamodb ?

[PabasaraDilshan]

I need to connect to dynamodb from the enclave to get and save data from the db. How can I do that?

[Xavina]

Hi @PabasaraDilshan,

I need the same.

What I did was adding an entry in /etc/nitro_enclaves/vsock-proxy.yaml, like this:

- {address: dynamodb.eu-central-1.amazonaws.com, port: 443}

Then re-start the vproxy, but I had not much luck. Maybe I did it in a wrong way. Have you tried that?

Thanks

[PabasaraDilshan]

Hi @Xavina
I just written a service on parent instance to connect with the enclave via vsock and get and save data to dynamodb.

[Xavina]

Hi @PabasaraDilshan,

Yes, we did the same, a process in the EC2 host that communicates with the enclave through the vSock to send the Encrypted data, then the Enclave Decrypts it and returns back the Decrypted data to be stored in DynamoDB by the host.

We tried to communicate with DynamoDB from the Enclave, but looks like to not be possible at all, I guess it makes sense per design.

Thanks!

[dpdornseifer]

Hi @Xavina, hi @PabasaraDilshan,

The enclave can directly communicate with any AWS service using the provided vsock-proxy.
In this example I'm using viproxy to tunnel out the https connection required for AWS DynamoDB connection.
https://github.com/aws-samples/nitro-enclave-blockchain-wallet-on-eks/blob/main/applications/ethereum-signer/cmd/key-generator_enclave/run.sh#L13-L19

Please let me know if that example helps.

Cheers

[Xavina]

Hi @dpdornseifer !!!

Super thanks for the sample I'll give it a try!!!

Thanks!

[dpdornseifer]

Perfect @Xavina, let me know if you are facing any issues.

Cheers