ACM for Nitro Enclaves requires 2 vCPUs to operate, 1 vCPU is required for the parent instance, leaving 1 vCPU available for the enclave application.
When launching a parent instance, choose an instance type that has enough vCPUs and memory for both the parent instance and the additional enclaves. If multi-threading is enabled, you must leave at least 2 vCPUs for the parent instance. If multi-threading is not enabled, you must leave at least 1 vCPU for the parent instance. For example, if multi-threading is enabled and you intend to run 4 enclaves with 4 vCPUs each, you must select an instance type that has at least 18 vCPUs (2 for the parent instance and 16 for the enclaves).
source
We should be able to reduce the minimum CPU count in the launch template from 8 to 4.
We are asking to reserve 6 CPUs for nitro enclaves at https://github.com/aws-samples/sample-code-for-a-secure-vault-using-aws-nitro-enclaves/blob/main/vault_template.yml#L211
ACM for Nitro Enclaves requires 2 vCPUs to operate, 1 vCPU is required for the parent instance, leaving 1 vCPU available for the enclave application.
We should be able to reduce the minimum CPU count in the launch template from 8 to 4.
https://github.com/aws-samples/sample-code-for-a-secure-vault-using-aws-nitro-enclaves/blob/main/vault_template.yml#L595