1 Answer
1
The repost doc is for already created instances, to update them to IMDSv2 via automation.
For future unknown instances, a solution is to create a launch template which enforces IMDSv2 and then attach IAM policies to roles which launch instances to ensure IMDSv2 is utilized (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-launch-template-permissions.html#instance-metadata-requireIMDSv2).
In addition, if using Control Tower, there is a control that could be put in place to prevent launching without IMDSv2: [CT.EC2.PR.1] Require an Amazon EC2 launch template to have IMDSv2 configured (https://docs.aws.amazon.com/controltower/latest/userguide/ec2-rules.html#ct-ec2-pr-1-description).
answered 10 months ago
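An IAM policy of the kind the answer describes, as an added example that is not part of the original answer: attached to the roles that launch instances, it denies ec2:RunInstances whenever the request (directly or through its launch template) does not set the instance metadata HttpTokens option to required. The Sid value is a made-up label.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleRequireImdsV2OnLaunch",
      "Effect": "Deny",
      "Action": "ec2:RunInstances",
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "StringNotEquals": {
          "ec2:MetadataHttpTokens": "required"
        }
      }
    }
  ]
}
```

Because this is an explicit Deny, it takes precedence over any Allow the role has, so a launch that leaves HttpTokens at optional fails with an authorization error instead of creating an IMDSv1-capable instance.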