AWS has introduced EC2 Instance Attestation, a new security feature that enables customers to verify that their virtual machines are running approved software configurations in a cryptographically secure manner. This capability is powered by the Nitro Trusted Platform Module, enhancing trust and transparency for EC2 instances.
Many enterprises prefer to run SaaS software internally to ensure their sensitive data remains within their own network. However, this approach can pose challenges for SaaS providers, who have limited means to safeguard their intellectual property—the software itself—when it is deployed on customer infrastructure.
With attestable Amazon Machine Images (AMIs), SaaS providers can now publish AMIs that include their software, such as AI models. Clients can launch EC2 instances from these images and run the software without gaining direct access to the underlying content. This helps protect the provider’s intellectual property while allowing customers to benefit from their offerings.
AWS is not alone in offering this level of attestation. Both Google Cloud and Microsoft Azure provide similar capabilities that enable customers to verify that virtual machines are running trusted configurations and software.
EC2 Instance Attestation is available in all AWS regions at no additional cost for the feature itself. However, standard storage charges apply for AMIs, and AWS Key Management Service (KMS) pricing is applicable for key operations if that service is utilized.
This new feature represents a significant step forward in cloud security, offering stronger assurances for both SaaS providers and their customers.
https://www.infoq.com/news/2025/10/ec2-instance-attestation/?utm_campaign=infoq_content&utm_source=infoq&utm_medium=feed&utm_term=global