Ways to perform EV code singing od Win Desktop app in cloud

We use EV code signing for our Windows Desktop app, so that SmartScreen treats it as trusted. That's all good, except the signature process requires hardware token to be plugged-in in the system where signing process happens. Now we would like to move building process to cloud and... that's the question: how is it supposed we could plug token to AWS?? Maybe there are another solutions for this issue? I can't believe that huge developers do all builds manually in order to have them signed.