Add Support for Nitro Enclaves

[x46085]

I have issues

I'm submitting a...

• enhancement request
• kudos, thank you, warm fuzzy

What is the current behavior?

The current dependency is on the aws module version 3.21, which is just one version shy of the newly added support for Nitro Enclaves announced at AWS re:Invent. In order to support Nitro enclaves, a worker node must be launched with the required flag "--enclave-options 'Enabled=true'". This appears to be supported in aws module 3.22 as seen here in the docs:
https://registry.terraform.io/providers/hashicorp/aws/3.22.0/docs/resources/launch_template#enclave_options

If this is a bug, how to reproduce? Please include a code sample if relevant.

Nitro Enclave device driver location on a freshly launched EC2 instance using the latest Amazon Linux 2 ami's:

ls -l /usr/lib/modules/$(uname -r)/kernel/drivers/virt/nitro_enclaves/nitro_enclaves.ko

To see if the devices are loaded:

sudo lspci -v -s 00:02.0 && sudo lspci -v -s 00:02.1 && lsmod | grep nitro_enclaves

To test further with the Nitro-CLI:

sudo amazon-linux-extras install aws-nitro-enclaves-cli && sudo usermod -aG ne $USER && logout
systemctl start nitro-enclaves-allocator.service
systemctl status nitro-enclaves-allocator.service

If the status reports successful, you are good to go

Any other relevant info

I'm attempting some changes that might work, will include a reference to this issue if successful

Thanks for all the work you do! We appreciate it.

FYI @spkane @akhilles

[x46085]

I just saw this is a duplicate of this issue:
#1181

But I'll leave this here as I have some useful test info in this issue; feel free to consolidate.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.