Saved February 14, 2026
This article explains AWS's EC2 Instance Attestation, a feature that extends attestation to an entire EC2 instance, in contrast to Nitro Enclaves, which attest only a small, isolated execution environment. It outlines the differences in deployment complexity, security posture and potential use cases, and stresses that a standard EC2 instance must be hardened by its operator: attestation proves which image booted, not that the image is secure.
AWS introduced EC2 Instance Attestation in September, expanding on its earlier Nitro Enclaves feature. Nitro Enclaves run code inside a confined, isolated environment designed for secure execution; EC2 Instance Attestation instead produces an attestation for the entire EC2 instance. That change brings several notable differences.
First, EC2 Instance Attestation offers more capabilities. Nitro Enclaves place strict limits on resource access (no persistent storage, no external networking and no interactive access; only a vsock channel to the parent instance), whereas an attestable EC2 instance can use every standard instance feature, GPUs included. That flexibility simplifies deployment: tasks that were awkward or impossible inside an enclave now run as they would on any instance. The extra capability is a security trade-off, however. An enclave is locked down by construction, while an attestable EC2 instance is only as secure as the operating system built into its image. The user must harden that image deliberately, for example by building a minimal, reproducible OS image with KIWI NG, because the attestation only proves which image booted, not that the image is safe.
Deployment complexity also increases with EC2 Instance Attestation. Setting up a Nitro Enclave takes two steps: build an Enclave Image File (EIF) and launch it with the nitro-cli command. Deploying an attestable EC2 instance takes three: build a raw disk image, create an Attestable AMI from it, and launch the instance from that AMI. Despite the extra step, verification works the same way in both cases: the attestation document carries PCR measurements tied to the raw image, so a consumer who has reviewed that image can check that exactly that image booted. A demo project illustrates the whole pipeline, showing how a service provider and a consumer can verify claims from source code to running deployment.

The author expects EC2 Instance Attestation to drive broader adoption, since it lowers the barrier for engineers who were previously deterred by the constraints of Nitro Enclaves. Organizations that prioritize security may nevertheless still prefer Nitro Enclaves for their built-in isolation.
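The consumer-side step that Nitro Enclaves and attestable EC2 instances share is the PCR policy check: the verifier derives the expected measurement from the image it reviewed and refuses to trust anything whose attestation document does not match. The following is an added example (not the article's demo project and not AWS code) of that check, written to fail closed. It models the decoded attestation payload as a plain Python dict with the real document's field names (module_id, digest, timestamp, pcrs, nonce); the document, image bytes and module ID are constructed here, and the image-to-PCR derivation is a simplified assumption that mirrors the shape of a measurement, not the exact nitro-cli or Attestable AMI algorithm. In production the document arrives as COSE_Sign1/CBOR and its signature and certificate chain must be verified against the AWS Nitro root before any of this runs.

```python
"""Consumer-side PCR policy check over a Nitro-style attestation document.

Added example. The attestation document is a constructed dict standing in for
the decoded CBOR payload; signature / certificate-chain verification (required
in practice, done before this check) is out of scope here.
"""
import hashlib
import hmac
import time

PCR_LEN = 48  # Nitro PCRs are SHA-384 registers (48 bytes)


def expected_pcr_from_image(image: bytes) -> bytes:
    """Simplified image-derived measurement (assumption, not the exact
    nitro-cli / Attestable AMI algorithm): a zeroed SHA-384 register is
    extended once with the SHA-384 digest of the raw image."""
    digest = hashlib.sha384(image).digest()
    return hashlib.sha384(bytes(PCR_LEN) + digest).digest()


def make_attestation_doc(image: bytes, nonce: bytes, debug: bool = False) -> dict:
    """Constructed stand-in for the decoded attestation payload.
    In debug mode Nitro Enclaves report all-zero PCRs, which is modelled here."""
    pcr0 = bytes(PCR_LEN) if debug else expected_pcr_from_image(image)
    return {
        "module_id": "i-0123456789abcdef0-enc0123456789abcdef",  # hypothetical ID
        "digest": "SHA384",
        "timestamp": int(time.time() * 1000),  # real documents use ms since epoch
        "pcrs": {0: pcr0},
        "nonce": nonce,
    }


def check_pcr_policy(doc: dict, expected: dict, nonce: bytes,
                     max_age_ms: int = 5 * 60 * 1000) -> tuple:
    """Return (ok, reason). Fails closed: the nonce must match (anti-replay),
    the document must be fresh, and every expected PCR must be present, of the
    right length, non-zero and equal to the value derived from the reviewed image."""
    if doc.get("digest") != "SHA384":
        return False, "unexpected digest algorithm"
    if not hmac.compare_digest(doc.get("nonce", b""), nonce):
        return False, "nonce mismatch (possible replay)"
    age = int(time.time() * 1000) - doc.get("timestamp", 0)
    if age < 0 or age > max_age_ms:
        return False, "attestation document too old"
    pcrs = doc.get("pcrs", {})
    for idx, want in expected.items():
        got = pcrs.get(idx)
        if got is None:
            return False, f"PCR{idx} missing"
        if len(got) != PCR_LEN:
            return False, f"PCR{idx} has wrong length"
        if not any(got):
            return False, f"PCR{idx} is all zeros (unmeasured or debug mode)"
        if not hmac.compare_digest(got, want):  # constant-time compare
            return False, f"PCR{idx} mismatch"
    return True, "ok"


if __name__ == "__main__":
    # Constructed inputs: the image the consumer reviewed, and a tampered variant.
    reviewed_image = b"raw-disk-image-built-with-kiwi-ng"
    tampered_image = reviewed_image + b"\x00backdoor"
    policy = {0: expected_pcr_from_image(reviewed_image)}
    nonce = b"per-request-nonce-0001"

    print(check_pcr_policy(make_attestation_doc(reviewed_image, nonce), policy, nonce))
    print(check_pcr_policy(make_attestation_doc(tampered_image, nonce), policy, nonce))
    print(check_pcr_policy(make_attestation_doc(reviewed_image, nonce, debug=True), policy, nonce))
    print(check_pcr_policy(make_attestation_doc(reviewed_image, b"stale"), policy, nonce))
```

The nonce and freshness checks matter as much as the PCR comparison: a PCR-correct document replayed from an earlier, genuine boot would otherwise pass for a host that has since been modified, so the consumer should always supply a fresh nonce and bind the document to it.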