AWS announces EC2 instance attestation (aws.amazon.com)

🤖 AI Summary
AWS has announced general availability of EC2 instance attestation, a feature that lets customers cryptographically verify that an EC2 instance is running a specific, trusted software/configuration — including instances with AI chips and GPUs. Previously, customers could lock down operator access on instances but had no way to prove remotely that those protections were actually in place. Attestation fills that gap by letting you build an Attestable AMI with a cryptographic measurement of its contents and then use the Nitro Trusted Platform Module (NitroTPM) to validate that a running instance matches that measurement.

Key technical details: Attestable AMIs produce a reference measurement; NitroTPM on the instance attests the running image against that reference. EC2 instance attestation integrates with AWS KMS so you can gate key operations (for example, decryption of model weights or access to training data) to only those instances that pass specified attestation conditions.

The feature is available in all AWS Commercial Regions, including GovCloud, and is particularly significant for AI/ML teams and security-conscious deployments because it strengthens supply-chain integrity, enforces zero-trust protections for GPU/accelerator workloads, and enables stricter key and secret management tied to verified runtime state.
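The flow the summary describes (reference measurement of the AMI, a TPM-style measured boot, and a key release gated on the attested value) as a constructed Python model; this is an added illustration, not AWS code, and the PCR name, the policy shape and the sample image bytes are assumptions rather than the real KMS condition keys or NitroTPM PCR layout.

```python
import hashlib

# Constructed model of attestation-gated key release (not AWS code).
# Flow: Attestable AMI -> reference measurement; boot extends a PCR with
# what actually loaded; a KMS-like gate compares the attested PCR to policy.

ZERO_PCR = b"\x00" * 32  # TPM PCRs start as all-zero bytes at power-on


def measure_image(image_bytes: bytes) -> str:
    """Reference measurement of the AMI contents (SHA-256 hex digest)."""
    return hashlib.sha256(image_bytes).hexdigest()


def pcr_extend(pcr: bytes, event: bytes) -> bytes:
    """TPM-style extend: PCR' = H(PCR || H(event)); order-dependent and one-way."""
    return hashlib.sha256(pcr + hashlib.sha256(event).digest()).digest()


def boot_and_attest(image_bytes: bytes) -> dict:
    """Simulated measured boot: extend the PCR with the image that really loaded."""
    pcr = pcr_extend(ZERO_PCR, image_bytes)
    return {"PCR_image": pcr.hex()}  # "PCR_image" is an assumed name


def key_policy_for(reference_image: bytes) -> dict:
    """Constructed key policy: allow Decrypt only for the trusted AMI's PCR."""
    expected = pcr_extend(ZERO_PCR, reference_image).hex()
    return {"Action": "kms:Decrypt", "Condition": {"PCR_image": expected}}


def gated_decrypt(policy: dict, attestation: dict, wrapped_key: bytes):
    """Release the key only if the attested PCR satisfies the policy condition."""
    if attestation.get("PCR_image") != policy["Condition"]["PCR_image"]:
        return None  # denied: running instance does not match the attested AMI
    return wrapped_key  # stands in for the plaintext/data key KMS would return


# Constructed sample images: the trusted build and a modified copy of it.
TRUSTED_AMI = b"kernel+initrd+rootfs: trusted build v1"
MODIFIED_AMI = b"kernel+initrd+rootfs: trusted build v1 + unexpected change"

if __name__ == "__main__":
    policy = key_policy_for(TRUSTED_AMI)
    print("reference:", measure_image(TRUSTED_AMI))
    print("trusted boot ->", gated_decrypt(policy, boot_and_attest(TRUSTED_AMI), b"k"))
    print("modified boot ->", gated_decrypt(policy, boot_and_attest(MODIFIED_AMI), b"k"))
```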