- 最新
- 最多得票
- 最多評論
Hello,
Kindly note that 'MetadataNoToken' Cloudwatch metric is used to determine if there are any processes accessing instance metadata that are using Instance Metadata Service Version 1, which does not use a token. If all requests use token-backed sessions, i.e., Instance Metadata Service Version 2, the value will be 0. Hence based on the above metric, we can see that IMDSv1 is being used for your instance. Typically, AWS CLI, SDKs, any automation scripts, packages etc can trigger these IMDv1 calls.
While there is no direct way to determine the exact process or service that is using the IMDSv1, we can suggest you a workaround by making use of "aws-imds-packet-analyzer" tool which may be helpful for you to identify sources of IMDSv1 calls on your EC2 instances, Please refer below documentation for more information:
[+] https://aws.amazon.com/about-aws/whats-new/2023/06/imds-packet-analyzer-simplifies-migration-imdsv2/
相關內容
- 已提問 7 個月前
- 已提問 7 個月前
- 已提問 1 年前
- AWS 官方已更新 1 年前
- AWS 官方已更新 1 年前
- AWS 官方已更新 1 年前
- AWS 官方已更新 2 年前