AWS Introduces EC2 Instance Attestation

AWS has introduced EC2 instance attestation, a new security feature that enables customers to verify that their virtual machines are running approved software configurations in a cryptographically secure manner. The capability is powered by the Nitro Trusted Platform Module (NitroTPM) and Attestable AMIs.

With EC2 instance attestation, customers can cryptographically verify that an EC2 instance is running trusted configurations and software, addressing a key concern for organizations with strict security and compliance requirements. Previously, it was possible to remove operator access from administrators and users on EC2, but there was no way to verify this had been done. J.D. Bean, principal security architect at AWS, explains:

With this capability, customers will be able to utilize the full potential of Nitro-based EC2 instances, including high-performance networking and AI accelerator hardware, while raising the bar on trusted computing paradigms such as multiparty computation.

Similar to the functionality previously available only in Nitro Enclaves, the new feature extends those protections to standard EC2 instances. Bean adds:

This release provides tooling and interfaces for customers to build hardened and constrained Amazon Machine Images (AMI), which are designed for zero operator access and high assurance. These attestable AMIs can provide proof to external systems of the system contents to inform authentication and authorization decisions.

An Attestable AMI is an AMI with a corresponding cryptographic hash that represents all of its contents. According to the documentation, this hash is generated during the AMI creation process and is calculated based on the AMI’s complete contents, including applications, code, and the boot process.

With the new feature, keys and other secrets can be decrypted using AWS Key Management Service (KMS) only by EC2 instances running an approved AMI. Additionally, organizations can build a certificate authority (CA) that issues certificates solely to instances verified as running approved AMIs. On a popular Hacker News thread, some users questioned whether the feature would see significant adoption. User jiggawatts commented:

Who is this for? I don’t know of any customers that are this paranoid but also trust the public cloud.

Corey Quinn, chief cloud economist at The Duckbill Group, comments:

This is useful for folks who trust their cloud providers but also don’t trust their cloud providers in very specific combinations.

Yan Cui, AWS Hero and serverless expert, has a different opinion:

The new EC2 instance attestation is a game changer for some use cases around enterprise SaaS and compliance (…) Many enterprises prefer to run the SaaS software internally so their sensitive data doesn’t leave their network. But then the SaaS provider has no way to safeguard their intellectual property, the software. With attestable AMIs, the SaaS provider can publish an AMI with their software (say, an AI model). Clients can launch EC2 instances from the image and run the software, but cannot access its content.

AWS is not the only cloud provider that enables customers to verify that a virtual machine is running trusted configurations and software: both Google Cloud and Azure offer similar attestation capabilities.

EC2 Instance Attestation is available in all AWS regions at no additional cost for the feature itself. Standard storage charges apply for AMIs, and AWS KMS pricing applies for key operations if the service is used.

A user guide is available for building an Amazon Linux 2023 Attested AMI using KIWI Next Generation, an open-source tool for creating preconfigured Linux-based images.