It seems like everything you have described could be done with TPM: creating a signing key for TLS mutual authentication (against the secret store) with policy that allows using that key only if system configuration did not change (PCR values stay consistent). Additionally TPMs allow remote attestation (via quotes and endorsement keys).

So I'm wondering what's the advantage of Nitro Enclaves? Better out of the box tooling?

I’ll check out the TPM, but our big draw with the Enclave system is being able to run general purpose code (Python / Go) inside a secure isolated environment. The earlier system we had was SEE machine on a HSM and required a special compiler to run - I haven’t seen the Nitro TPM just yet, but I doubt I’d be able run a container inside the boundaries of the TPM.

In case it's helpful: I'm maintaining a tool kit that makes it possible to run unmodified, general-purpose code inside Nitro enclaves: https://github.com/brave/nitriding

I'm not OP, but AWS introduced Nitro Enclaves about two years before Nitro TPM, which is a relatively recent addition. It's likely that TPM wasn't available in AWS at the time of OP's original development. Nitro TPM is not available at all on Graviton 1 or 2; only the newest Graviton 3.

That clarifies some matters - thanks!