Hacker News
by artjomb 2094 days ago
> In contrast, with the Nitro System, the only interface for operators is a restricted API, making it impossible to access customer data or mutate the system in unapproved ways.

That's great but what are the approved ways? This does not prevent access to customer data. Is there any built-in audit functionality to see accesses that were approved and done/attempted? This would also need to be implemented in all levels of the stack.

This basically means that AWS closed a compliance issue through technical control at the lowest level.