1 Antwort
- Neueste
- Die meisten Stimmen
- Die meisten Kommentare
1
The repost doc is for already created instances to update them to imdsv2 via automation.
For future unknown instances, a solution is to create a launch template which enforces imdsv2 and then attach IAM policies to roles which launch instances to ensure imdsv2 is utilized (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-launch-template-permissions.html#instance-metadata-requireIMDSv2).
In addition, if using control tower, there is a control that could be put in place to prevent launching without imdsv2: [CT.EC2.PR.1] Require an Amazon EC2 launch template to have IMDSv2 configured (https://docs.aws.amazon.com/controltower/latest/userguide/ec2-rules.html#ct-ec2-pr-1-description)
beantwortet vor 10 Monaten
Relevanter Inhalt
- AWS OFFICIALAktualisiert vor 3 Jahren
- AWS OFFICIALAktualisiert vor 2 Jahren