In this comprehensive session from AWS re:Inforce 2023, J.D. Bean, Principal Security Architect with the EC2 team at AWS, delves deep into the security design of the AWS Nitro System. Bean explores the evolution of the Nitro System from its inception in 2012 to its current state, highlighting its core components: Nitro cards, Nitro security chip, and Nitro hypervisor. He discusses how these elements work together to provide enhanced security, performance, and innovation for EC2 instances. Key security features such as hardware-based encryption, zero operator access, and strong tenant isolation are explained in detail. The presentation also covers recent developments in transparency and assurance around the Nitro System's security design, including third-party assessments and formal verifications. Bean concludes by emphasizing how the Nitro System serves as a foundation for ongoing security innovation across AWS services.