AWS security notification: EC2 instances vulnerable to log4j vulnerability


Based on the AWS security notification some of the EC2 instances were vulnerable to log4j vulnerability. We updated the EC2 instance to use IMDSv2 and disabled IMDSv1 using the below command:

aws ec2 modify-instance-metadata-options --instance-id <<instance_id>> -http-tokens required --http-endpoint enabled Will this be sufficient or should we take into consideration any other measures?

asked 2 years ago586 views
1 Answer

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions