diff --git a/modules/multi-runner/variables.tf b/modules/multi-runner/variables.tf
index faf9c946c4..07fd9429d8 100644
--- a/modules/multi-runner/variables.tf
+++ b/modules/multi-runner/variables.tf
@@ -133,8 +133,10 @@ variable "multi_runner_config" {
 evictionStrategy = optional(string, "oldest_first")
 })), [])
 cpu_options = optional(object({
- core_count = number
- threads_per_core = number
+ core_count = optional(number)
+ threads_per_core = optional(number)
+ amd_sev_snp = optional(string)
+ nested_virtualization = optional(string)
 }), null)
 placement = optional(object({
 affinity = optional(string)
diff --git a/modules/runners/main.tf b/modules/runners/main.tf
index 9a85a2f2c3..de6f585628 100644
--- a/modules/runners/main.tf
+++ b/modules/runners/main.tf
@@ -168,6 +168,8 @@ resource "aws_launch_template" "runner" {
 content {
 core_count = try(cpu_options.value.core_count, null)
 threads_per_core = try(cpu_options.value.threads_per_core, null)
+ amd_sev_snp = try(cpu_options.value.amd_sev_snp, null)
+ nested_virtualization = try(cpu_options.value.nested_virtualization, null)
 }
 }
 
diff --git a/modules/runners/variables.tf b/modules/runners/variables.tf
index db58a86b42..dea1a0601a 100644
--- a/modules/runners/variables.tf
+++ b/modules/runners/variables.tf
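Review bot: The two new strings in the `cpu_options` object of `multi_runner_config` are accepted without the `enabled`/`disabled` check that this commit adds to `cpu_options` in modules/runners/variables.tf and `runner_cpu_options` in variables.tf. If the object is handed unchanged to the runners module (the wiring is not in this diff), a bad value is still rejected, but the error will name `cpu_options` rather than the multi-runner key the user wrote. I would either add a matching validation block to `multi_runner_config` or state the allowed values in its description, e.g. `amd_sev_snp / nested_virtualization: "enabled" or "disabled"; leave unset to keep the instance default.` The variable's description and the rest of its body lie outside the hunk.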
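Review bot: `amd_sev_snp` and `nested_virtualization` are now passed to `aws_launch_template` in modules/runners/main.tf, but the diff shows no change to the module's AWS provider version constraint. If the minimum provider version the module allows predates either argument, `terraform plan` fails with an unsupported-argument error, so the constraint should be checked and raised if needed. Because `core_count` and `threads_per_core` became optional in the variable types, `cpu_options = {}` now looks like it yields an empty `cpu_options {}` block; the `for_each` guarding this `content` block is outside the hunk, so that case is worth confirming. The `try(..., null)` wrappers are also redundant once every attribute is declared `optional(...)`, and plain `cpu_options.value.amd_sev_snp` would surface a type mismatch instead of silently sending null.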
@@ -637,10 +637,20 @@ variable "credit_specification" {
 variable "cpu_options" {
 description = "The CPU options for the instance. See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template#cpu-options for details. Note that not all instance types support CPU options, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html#instance-cpu-options"
 type = object({
- core_count = number
- threads_per_core = number
+ core_count = optional(number)
+ threads_per_core = optional(number)
+ amd_sev_snp = optional(string)
+ nested_virtualization = optional(string)
 })
 default = null
+
+ validation {
+ condition = var.cpu_options == null ? true : (
+ (var.cpu_options.amd_sev_snp == null || contains(["enabled", "disabled"], var.cpu_options.amd_sev_snp)) &&
+ (var.cpu_options.nested_virtualization == null || contains(["enabled", "disabled"], var.cpu_options.nested_virtualization))
+ )
+ error_message = "When set, cpu_options.amd_sev_snp and cpu_options.nested_virtualization must be one of: enabled, disabled."
+ }
 }
 
 variable "placement" {
diff --git a/variables.tf b/variables.tf
index 90769578c0..cf41d5cec6 100644
--- a/variables.tf
+++ b/variables.tf
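Review bot: The `description` of `cpu_options` is unchanged and says nothing about the two new attributes, although both change the runner's isolation properties rather than just its CPU topology. `nested_virtualization = "enabled"` exposes hardware virtualization to the instance so workflow jobs can start their own guests, and `amd_sev_snp = "enabled"` turns on SEV-SNP memory protection, which only some AMD-based instance types support. I would append a sentence such as `amd_sev_snp and nested_virtualization accept "enabled" or "disabled" and depend on instance-type support; enable nested virtualization only for runner pools whose jobs need it.` The same gap is in `runner_cpu_options` in the root variables.tf hunk, which also carries a copy of this validation expression that has to be kept in sync by hand.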
@@ -868,10 +868,20 @@ variable "runner_credit_specification" {
 variable "runner_cpu_options" {
 description = "The CPU options for the instance. See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template#cpu-options for details. Note that not all instance types support CPU options, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html#instance-cpu-options"
 type = object({
- core_count = number
- threads_per_core = number
+ core_count = optional(number)
+ threads_per_core = optional(number)
+ amd_sev_snp = optional(string)
+ nested_virtualization = optional(string)
 })
 default = null
+
+ validation {
+ condition = var.runner_cpu_options == null ? true : (
+ (var.runner_cpu_options.amd_sev_snp == null || contains(["enabled", "disabled"], var.runner_cpu_options.amd_sev_snp)) &&
+ (var.runner_cpu_options.nested_virtualization == null || contains(["enabled", "disabled"], var.runner_cpu_options.nested_virtualization))
+ )
+ error_message = "When set, runner_cpu_options.amd_sev_snp and runner_cpu_options.nested_virtualization must be one of: enabled, disabled."
+ }
 }
 
 variable "runner_placement" {