I just tested web_user: www-user on vanilla Trellis. Provision and deploy worked fine on a fresh AWS EC2 and a Digital Ocean droplet.
@debuggerpk Let us know if there is a specific context where changing web_user is a problem. We could put a note in the docs. I didn’t understand your statement "www-user is already a nologin user, or is made by nginx during installation." As far as I know, root is the only ssh user blocked on the Ubuntu AMI with AWS.