Overview of Amazon EC2 instance attestation, powered by NitroTPM and Attestable AMIs. Covers how attestation documents prove that an instance is running approved software and how to use them with AWS KMS for cryptographic policy enforcement.