- 新しい順
- 投票が多い順
- コメントが多い順
To inspect suspicious traffic to the instance metadata service, I would check VPC Flow Logs. Those would have network connectivity that you could see if there are suspicious network traffic to the EC2 instance metadata service.
AWS GuardDuty comes with a VPC Flow Log Finding: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#unauthorizedaccess-ec2-metadatadnsrebind (Keep in mind AWS GuardDuty does have a cost associated with the service: https://aws.amazon.com/guardduty/pricing/).
I would also recommend using IMDSv2 if possible which is a session-based method compared to request/response of IMDSv1: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html
VPC Flow Logs: https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html
関連するコンテンツ
- 質問済み 6年前
- AWS公式更新しました 1年前