If EC2 were like your home server, you might be right. And an EC2 bare metal instance is the closest approximation to that. That option was never disabled and we had some customers who rolled their own nested VM implementations on it.
But EC2 is not like your home server. There are some nontrivial considerations and requirements to offer nested virtualization at cloud scale:
1. Ensuring virtualized networking (VPC) works with nested VMs as well as with the primary VM
2. Making sure the environment (VMM etc) is sufficiently hardened to meet AWS's security standards so that nesting doesn't pose unintended threats or weaken EC2's isolation properties
3. Ensuring performance meets customer standards
4. Building a rock-solid control plane around it all
It's not just a trivial matter of flipping a bit.
I don't know if this applies to the specific nested virtualisation AWS are providing though.
I remember playing with nested virty some years ago and deciding it is a backwards step except for PoC and the like. Given I haven't personally run out of virty gear, I never needed to do a PoC.
The place I've probably wanted it the most though is in CI/CD systems: it's always been annoying to build and test system images in EC2 in a generic way.
It also allows for running other third party appliances unmodified in EC2.
But also, almost every other execution environment offers this: GCP, VMWare, KVM, etc, so it's frustrating that EC2 has only offered it on their bare metal instance types. When ec2 was using xen 10+ years ago, it made sense, but they've been on kvm since the inception of nitro.
GCP has had nested virtualization for a while.
Nested virtualization can mean a lot of things. Not just full VMs.
sitole•1h ago
This is really big news for micro-VM sandbox solutions like E2B, which I work on.