jiggawatts 11 hours ago
Who is this for? I don’t know of any customers that are this paranoid but also trust the public cloud.
privatelypublic 11 hours ago
This doesn't appear to be exclusively anti-evil maid. It takes "build an AMI that doesn't have enough userland to extract the keys" and extends it to "only approved AMIs can access the keys." Lateral movement of attackers. Shadow IT. People modifying things between test and Prod. All easy examples that don't require you to trust AWS hasn't backdoored it to still get better security.