Verify that an AMI is enabled for NitroTPM - Amazon Elastic Compute Cloud

Verify that an AMI is enabled for NitroTPM

To enable NitroTPM for an instance, you must launch the instance using an AMI with NitroTPM enabled. You can use either describe-images or describe-image-attribute to verify that an AMI is enabled for NitroTPM. If NitroTPM is enabled for the AMI, the value for TpmSupport is "v2.0".

To describe the image

You can use the describe-images command as follows.

aws ec2 describe-images --image-ids ami-0123456789example --query "Images[*].TpmSupport"

If NitroTPM is enabled for the AMI, the output is as follows.

[ "v2.0" ]

If NitroTPM is not enabled, the output is empty.

[ ]

To describe the image attribute

Alternatively, if you are the AMI owner, you can use the describe-image-attribute command as follows, specifying tpmSupport as the attribute.

aws ec2 describe-image-attribute \
    --region us-east-1 \
    --image-id ami-0123456789example \
    --attribute tpmSupport

The following is example output.

{
    "ImageId": "ami-0123456789example",
    "TpmSupport": {
        "Value": "v2.0"
    }
}
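When several AMIs are checked at once, the `Images[*].TpmSupport` query drops the images that have no value, so the output cannot be matched back to an AMI ID. The following added example (not part of the original page) parses the unfiltered JSON output of describe-images and reports each requested AMI individually, failing closed for any ID missing from the response. The function names, the status labels and the second and third AMI IDs are assumptions made for illustration.

```python
import json
import sys

REQUIRED_TPM = "v2.0"  # value the page gives for a NitroTPM-enabled AMI

# Constructed sample of `aws ec2 describe-images --output json`
# (trimmed to the relevant fields; AMI IDs are placeholders).
SAMPLE_RESPONSE = """
{"Images": [
  {"ImageId": "ami-0123456789example", "TpmSupport": "v2.0"},
  {"ImageId": "ami-0aaaaaaaaaexample"}
]}
"""


def audit_tpm_support(response_json, requested_ids):
    """Map each requested AMI ID to 'enabled', 'not-enabled' or 'not-returned'."""
    images = json.loads(response_json).get("Images", [])
    # TpmSupport is absent (or null) on images without NitroTPM.
    seen = {img["ImageId"]: img.get("TpmSupport") for img in images}
    report = {}
    for ami in requested_ids:
        if ami not in seen:
            # Fail closed: an ID we asked about but got no record for.
            report[ami] = "not-returned"
        elif seen[ami] == REQUIRED_TPM:
            report[ami] = "enabled"
        else:
            report[ami] = "not-enabled"
    return report


def failing(report):
    """Sorted AMI IDs that must not be used for a NitroTPM launch."""
    return sorted(ami for ami, status in report.items() if status != "enabled")


if __name__ == "__main__":
    # With arguments: read describe-images JSON from stdin and check those IDs.
    # Without arguments: run against the constructed sample above.
    ids = sys.argv[1:]
    data = sys.stdin.read() if ids else SAMPLE_RESPONSE
    ids = ids or ["ami-0123456789example", "ami-0aaaaaaaaaexample"]
    result = audit_tpm_support(data, ids)
    for ami, status in result.items():
        print(f"{ami}\t{status}")
    sys.exit(1 if failing(result) else 0)
```

To use it as a pre-launch gate, pipe the describe-images JSON output into the script and pass the same AMI IDs as arguments; a non-zero exit status means at least one AMI is not enabled for NitroTPM.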