Encryption in use
At this point, we understand the concept of protecting data using encryption in transit and encryption at rest. There is still one place we need to protect data – while the data is being used in the server's memory; that is, encryption in use.
AWS Nitro Enclaves
AWS offers its customers a unique architecture that creates an isolated environment for storing sensitive information (such as PII, credit card numbers, and healthcare data), which separates customers' data from the EC2 instance itself while using AWS KMS for data encryption.
For more information, please refer to the following resources:
AWS Nitro Enclaves:
How AWS Nitro Enclaves uses AWS KMS: