# AWS Launches EC2 instance Attestation for Enhanced Security
AWS has introduced EC2 instance attestation, a new security feature that enables customers to verify that their virtual machines are running approved software configurations in a cryptographically secure manner.The capability is powered by the Nitro Trusted Platform Module (NitroTPM) and Attestable AMIs.
With EC2 instance attestation, customers can cryptographically verify that an EC2 instance is running trusted configurations and software, addressing a key concern for organizations with strict security and compliance requirements. Previously, it was possible to remove operator access from administrators and users on EC2, but ther was no way to verify this had been done.J.D. Bean, principal security architect at AWS, explains:
> With this capability, customers will be able to utilize the full potential of Nitro-based EC2 instances, including high-performance networking and AI accelerator hardware, while raising the bar on trusted computing paradigms such as multiparty computation.
Similar to the functionality previously available only in Nitro Enclaves, the new feature extends those protections to standard EC2 instances. Bean adds:
> This release provides tooling and interfaces for customers to build hardened and constrained Amazon Machine Images (AMI), which are designed for zero operator access and high assurance. these attestable AMIs can provide proof to external systems of the system contents to inform authentication and authorization decisions.
An attestable AMI is an AMI with a corresponding cryptographic hash that represents all of its contents. According to the documentation,this hash is generated during the AMI creation process and is calculated based on the AMI’s complete contents,including applications,code,and the boot process.with the new feature, keys and other secrets can