- 新しい順
- 投票が多い順
- コメントが多い順
Hello,
Kindly note that 'MetadataNoToken' Cloudwatch metric is used to determine if there are any processes accessing instance metadata that are using Instance Metadata Service Version 1, which does not use a token. If all requests use token-backed sessions, i.e., Instance Metadata Service Version 2, the value will be 0. Hence based on the above metric, we can see that IMDSv1 is being used for your instance. Typically, AWS CLI, SDKs, any automation scripts, packages etc can trigger these IMDv1 calls.
While there is no direct way to determine the exact process or service that is using the IMDSv1, we can suggest you a workaround by making use of "aws-imds-packet-analyzer" tool which may be helpful for you to identify sources of IMDSv1 calls on your EC2 instances, Please refer below documentation for more information:
[+] https://aws.amazon.com/about-aws/whats-new/2023/06/imds-packet-analyzer-simplifies-migration-imdsv2/