I wonder the degree to which this is about apple trying to reduce their services crypto workload? When developers say they "want a mac instance" they often "want a mac instance that can talk to apple services like a normal mac instance" in order to sign apps and such. I'm not sure but I think arranging for that capability probably involves round trips with apple services to get required key signing artifacts into place ...
If instances are totally ephemeral in the same way as we are used to with linux vm's maybe that runs the risk of creating a real problem for apple services?
If instances are totally ephemeral in the same way as we are used to with linux vm's maybe that runs the risk of creating a real problem for apple services?