attestation: add awsSEVSNP as new variant (#1900)

* variant: move into internal/attestation * attesation: move aws attesation into subfolder nitrotpm * config: add aws-sev-snp variant * cli: add tf option to enable AWS SNP For now the implementations in aws/nitrotpm and aws/snp are identical. They both contain the aws/nitrotpm impl. A separate commit will add the actual attestation logic.
2025-05-04 15:25:00 -04:00 · 2023-06-09 15:41:02 +02:00 · 2023-06-09 15:41:02 +02:00 · 8f21972aec
commit 8f21972aec
parent 947d0cb20a
110 changed files with 993 additions and 215 deletions
--- a/cli/internal/terraform/variables.go
+++ b/cli/internal/terraform/variables.go
@ -39,7 +39,7 @@ func (v *CommonVariables) String() string {
 	return b.String()
 }

-// AWSClusterVariables is user configuration for creating a cluster with Terraform on GCP.
+// AWSClusterVariables is user configuration for creating a cluster with Terraform on AWS.
 type AWSClusterVariables struct {
 	// CommonVariables contains common variables.
 	CommonVariables
@ -59,6 +59,8 @@ type AWSClusterVariables struct {
 	IAMProfileWorkerNodes string
 	// Debug is true if debug mode is enabled.
 	Debug bool
+	// EnableSNP controls enablement of the EC2 cpu-option "AmdSevSnp".
+	EnableSNP bool
 }

 func (v *AWSClusterVariables) String() string {
@ -72,6 +74,7 @@ func (v *AWSClusterVariables) String() string {
 	writeLinef(b, "iam_instance_profile_control_plane = %q", v.IAMProfileControlPlane)
 	writeLinef(b, "iam_instance_profile_worker_nodes = %q", v.IAMProfileWorkerNodes)
 	writeLinef(b, "debug = %t", v.Debug)
+	writeLinef(b, "enable_snp = %t", v.EnableSNP)

 	return b.String()
 }