From b5b25db234ddb12fe48a9179020f79f227e5417b Mon Sep 17 00:00:00 2001
From: sean wibisono
Date: Thu, 4 Jun 2026 11:31:33 +1000
Subject: [PATCH 1/3] increase nitro enclave min resource
---
 scripts/aws/ec2.py | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/scripts/aws/ec2.py b/scripts/aws/ec2.py
index 90efc882c..e71ef7704 100644
--- a/scripts/aws/ec2.py
+++ b/scripts/aws/ec2.py
@@ -72,6 +72,10 @@ def get_meta_url(cls) -> str:
 class EC2(ConfidentialCompute):
+ # Minimum enclave resources we support
+ MIN_ENCLAVE_CPU_COUNT = 6
+ MIN_ENCLAVE_MEMORY_MB = 24576 # 24 GB
+
 def __init__(self):
 super().__init__()
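Review bot: The comment on `MIN_ENCLAVE_CPU_COUNT` / `MIN_ENCLAVE_MEMORY_MB` does not record why the floor moved (the checks replaced in the next hunk used 2 CPUs and 11000 MB) or that secrets with smaller values are now rejected at validation. I would extend it to something like `# Minimum enclave resources we support; configs below these are rejected by __validate_aws_specific_config. Keep in sync with the example secret in scripts/aws/README.md.` The `# 24 GB` annotation could also read `# 24 GiB (24 * 1024 MiB)`, presumably matching the MiB unit nitro-cli uses for enclave memory. The EC2 class body continues outside the hunk.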
@@ -113,11 +117,15 @@ def __get_ec2_instance_info(self) -> tuple[str, str]:
 def __validate_aws_specific_config(self):
 if "enclave_memory_mb" in self.configs or "enclave_cpu_count" in self.configs:
+ """
+ Verify that CPU and Memory reserved for the enclave meet our minimum requirements.
+ Note: nitro-cli will fail if we attempt to launch an enclave larger than what the allocator reserved, hence the upper bound checks
+ """
 max_capacity = self.__get_max_capacity()
- if self.configs.get('enclave_memory_mb') < 11000 or self.configs.get('enclave_memory_mb') > max_capacity.get('enclave_memory_mb'):
- raise ConfigurationValueError(self.__class__.__name__, f"enclave_memory_mb must be in range 11000 and {max_capacity.get('enclave_memory_mb')}")
- if self.configs.get('enclave_cpu_count') < 2 or self.configs.get('enclave_cpu_count') > max_capacity.get('enclave_cpu_count'):
- raise ConfigurationValueError(self.__class__.__name__, f"enclave_cpu_count must be in range 2 and {max_capacity.get('enclave_cpu_count')}")
+ if self.configs.get('enclave_memory_mb') < self.MIN_ENCLAVE_MEMORY_MB or self.configs.get('enclave_memory_mb') > max_capacity.get('enclave_memory_mb'):
+ raise ConfigurationValueError(self.__class__.__name__, f"enclave_memory_mb must be in range {self.MIN_ENCLAVE_MEMORY_MB} and {max_capacity.get('enclave_memory_mb')}")
+ if self.configs.get('enclave_cpu_count') < self.MIN_ENCLAVE_CPU_COUNT or self.configs.get('enclave_cpu_count') > max_capacity.get('enclave_cpu_count'):
+ raise ConfigurationValueError(self.__class__.__name__, f"enclave_cpu_count must be in range {self.MIN_ENCLAVE_CPU_COUNT} and {max_capacity.get('enclave_cpu_count')}")
 def _set_confidential_config(self, secret_identifier: str) -> None:
 """Fetches a secret value from AWS Secrets Manager and adds defaults"""
From 4d4a3b76d66b890a679f98ede8b7c39c8d92285c Mon Sep 17 00:00:00 2001
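Review bot: The guard `if "enclave_memory_mb" in self.configs or "enclave_cpu_count" in self.configs:` lets a secret with only one of the two keys through, so `self.configs.get(...)` returns None for the other and the `<` comparison raises TypeError instead of ConfigurationValueError; a string value such as the `"6"` / `"24000"` shown in the README example before patch 2/3 fails the same way, unless values are coerced elsewhere. Validating each key for presence and integer type before the range check keeps the failure on the documented error path, as sketched below. The triple-quoted block inside the `if` is an expression statement, not a docstring, so it would read better as `#` comments. The sketch assumes `__get_max_capacity()` always returns both keys, which this hunk does not show; the enclosing class lies outside the hunk.

```python
    def __validate_aws_specific_config(self):
        if "enclave_memory_mb" in self.configs or "enclave_cpu_count" in self.configs:
            # Verify that CPU and memory reserved for the enclave meet our minimum requirements.
            # nitro-cli fails if the enclave is larger than what the allocator reserved,
            # hence the upper bound checks.
            max_capacity = self.__get_max_capacity()
            bounds = (
                ("enclave_memory_mb", self.MIN_ENCLAVE_MEMORY_MB),
                ("enclave_cpu_count", self.MIN_ENCLAVE_CPU_COUNT),
            )
            for key, minimum in bounds:
                value = self.configs.get(key)
                maximum = max_capacity.get(key)
                # Reject missing or non-integer values before comparing, so the caller
                # sees ConfigurationValueError rather than a TypeError from `<`.
                if not isinstance(value, int) or not (minimum <= value <= maximum):
                    raise ConfigurationValueError(self.__class__.__name__, f"{key} must be an integer in range {minimum} and {maximum}")
```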
From: sean wibisono
Date: Thu, 4 Jun 2026 11:33:44 +1000
Subject: [PATCH 2/3] update README
---
 scripts/aws/README.md | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/scripts/aws/README.md b/scripts/aws/README.md
index 82f2f9ce6..a4320b1b0 100644
--- a/scripts/aws/README.md
+++ b/scripts/aws/README.md
@@ -41,8 +41,8 @@ UID2 Operator application reads configuration from [AWS Secrets Manager](https:/
 ```
 {
 "api_token": "",
- "enclave_cpu_count": "6",
- "enclave_memory_mb": "24000",
+ "enclave_cpu_count": 6,
+ "enclave_memory_mb": 24576,
 "clients_metadata_path": "https://core-integ.uidapi.com/clients/refresh",
 "salts_metadata_path": "https://core-integ.uidapi.com/salt/refresh",
 "keysets_metadata_path": "https://core-integ.uidapi.com/key/keyset/refresh",
@@ -54,7 +54,6 @@ UID2 Operator application reads configuration from [AWS Secrets Manager](https:/
 ```
 Important Notes:
 - above fields are all required
-- enclave_cpu_count/enclave_memory_mb are currently not customizable, modification to these fields will be ignored
 - `core-integ` is integration test endpoint; use `core-prod` when ready for production usage
 - you might need to replicate secret after creation to use it in other regions
From ff8370edb6cf4a070011ccf1ce1219292665da51 Mon Sep 17 00:00:00 2001
From: Release Workflow
Date: Thu, 4 Jun 2026 01:37:30 +0000
Subject: [PATCH 3/3] [CI Pipeline] Released Snapshot version: 5.70.136-alpha-222-SNAPSHOT
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 2f3cde001..09eef43ae 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@
 com.uid2
 uid2-operator
- 5.70.135
+ 5.70.136-alpha-222-SNAPSHOT
 UTF-8