Amazon Elastic Compute Cloud Update: This release includes a new API for retrieving the public endorsement key of the EC2 instance's Nitro Trusted Platform Module (NitroTPM).

Author: AWS

.changes/next-release/feature-AmazonElasticComputeCloud-7437355.json

@@ -0,0 +1,6 @@
+{
+    "type": "feature",
+    "category": "Amazon Elastic Compute Cloud",
+    "contributor": "",
+    "description": "This release includes a new API for retrieving the public endorsement key of the EC2 instance's Nitro Trusted Platform Module (NitroTPM)."
+}

services/ec2/src/main/resources/codegen-resources/service-2.json

@@ -4407,6 +4407,16 @@
       "output":{"shape":"GetInstanceMetadataDefaultsResult"},
       "documentation":"<p>Gets the default instance metadata service (IMDS) settings that are set at the account level in the specified Amazon Web Services&#x2028; Region.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-options.html#instance-metadata-options-order-of-precedence\">Order of precedence for instance metadata options</a> in the <i>Amazon EC2 User Guide</i>.</p>"
     },
+    "GetInstanceTpmEkPub":{
+      "name":"GetInstanceTpmEkPub",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"GetInstanceTpmEkPubRequest"},
+      "output":{"shape":"GetInstanceTpmEkPubResult"},
+      "documentation":"<p>Gets the public endorsement key associated with the Nitro Trusted Platform Module (NitroTPM) for the specified instance.</p>"
+    },
     "GetInstanceTypesFromInstanceRequirements":{
       "name":"GetInstanceTypesFromInstanceRequirements",
       "http":{
@@ -27420,6 +27430,24 @@
         "locationName":"item"
       }
     },
+    "EkPubKeyFormat":{
+      "type":"string",
+      "enum":[
+        "der",
+        "tpmt"
+      ]
+    },
+    "EkPubKeyType":{
+      "type":"string",
+      "enum":[
+        "rsa-2048",
+        "ecc-sec-p384"
+      ]
+    },
+    "EkPubKeyValue":{
+      "type":"string",
+      "sensitive":true
+    },
     "ElasticGpuAssociation":{
       "type":"structure",
       "members":{
@@ -30838,6 +30866,57 @@
         }
       }
     },
+    "GetInstanceTpmEkPubRequest":{
+      "type":"structure",
+      "required":[
+        "InstanceId",
+        "KeyType",
+        "KeyFormat"
+      ],
+      "members":{
+        "InstanceId":{
+          "shape":"InstanceId",
+          "documentation":"<p>The ID of the instance for which to get the public endorsement key.</p>"
+        },
+        "KeyType":{
+          "shape":"EkPubKeyType",
+          "documentation":"<p>The required public endorsement key type.</p>"
+        },
+        "KeyFormat":{
+          "shape":"EkPubKeyFormat",
+          "documentation":"<p>The required public endorsement key format. Specify <code>der</code> for a DER-encoded public key that is compatible with OpenSSL. Specify <code>tpmt</code> for a TPM 2.0 format that is compatible with tpm2-tools. The returned key is base64 encoded.</p>"
+        },
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>Specify this parameter to verify whether the request will succeed, without actually making the request. If the request will succeed, the response is <code>DryRunOperation</code>. Otherwise, the response is <code>UnauthorizedOperation</code>.</p>"
+        }
+      }
+    },
+    "GetInstanceTpmEkPubResult":{
+      "type":"structure",
+      "members":{
+        "InstanceId":{
+          "shape":"InstanceId",
+          "documentation":"<p>The ID of the instance.</p>",
+          "locationName":"instanceId"
+        },
+        "KeyType":{
+          "shape":"EkPubKeyType",
+          "documentation":"<p>The public endorsement key type.</p>",
+          "locationName":"keyType"
+        },
+        "KeyFormat":{
+          "shape":"EkPubKeyFormat",
+          "documentation":"<p>The public endorsement key format.</p>",
+          "locationName":"keyFormat"
+        },
+        "KeyValue":{
+          "shape":"EkPubKeyValue",
+          "documentation":"<p>The public endorsement key material.</p>",
+          "locationName":"keyValue"
+        }
+      }
+    },
     "GetInstanceTypesFromInstanceRequirementsRequest":{
       "type":"structure",
       "required":[