By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Security Hub Question

0

How do i solve the security vulnerability with the error "EC2 instances should use instance Metadata Service Version 2 (IMDSv2)

Topics
Security, Identity, & ComplianceCompute
Tags
AWS Security HubAmazon EC2
Language
English
emmanlaw32
asked 6 months ago197 views
1 Answer
1
Accepted Answer

Before setting the IMDSv2 for the EC2 instance, check CloudWatch metric MetadataNoToken. This metric shows th.e number of IMDSv1 calls to the IMDS on your instances. If the metric MetadataNoToken records zero IMDSv1 usage, you can follow these options for updating existing EC2 instances:

  1. From the Amazon EC2 console: select the EC2 instance, choose Actions --> Instance settings --> Modify instance metadata options --> for IMDSv2, select Required.
  2. For EC2 instances created from Launch Templates, modify the MetadataOptions parameter in the Launch Template to require use of IMDSv2
  3. From AWS CLI: Use the modify-instance-metadata-options CLI command to specify that only IMDSv2 is to be used.

If the metric MetadataNoToken shows IMDSv1 usage, update the SDKs, CLIs, and your software that use Role credentials on their EC2 instances to versions compatible with IMDSv2.

Reference: Transition to using Instance Metadata Service Version 2

profile pictureAWS
Kuok Chiang
answered 6 months ago
profile picture
EXPERT
Gary Mclean
reviewed a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content