Security Hub Question

0

How do i solve the security vulnerability with the error "EC2 instances should use instance Metadata Service Version 2 (IMDSv2)

질문됨 7달 전212회 조회
1개 답변
2
수락된 답변

Before setting the IMDSv2 for the EC2 instance, check CloudWatch metric MetadataNoToken. This metric shows th.e number of IMDSv1 calls to the IMDS on your instances. If the metric MetadataNoToken records zero IMDSv1 usage, you can follow these options for updating existing EC2 instances:

  1. From the Amazon EC2 console: select the EC2 instance, choose Actions --> Instance settings --> Modify instance metadata options --> for IMDSv2, select Required.
  2. For EC2 instances created from Launch Templates, modify the MetadataOptions parameter in the Launch Template to require use of IMDSv2
  3. From AWS CLI: Use the modify-instance-metadata-options CLI command to specify that only IMDSv2 is to be used.

If the metric MetadataNoToken shows IMDSv1 usage, update the SDKs, CLIs, and your software that use Role credentials on their EC2 instances to versions compatible with IMDSv2.

Reference: Transition to using Instance Metadata Service Version 2

profile pictureAWS
답변함 7달 전
profile picture
전문가
검토됨 4일 전
profile picture
전문가
검토됨 2달 전

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠