1 個回答
- 最新
- 最多得票
- 最多評論
1
The repost doc is for already created instances to update them to imdsv2 via automation.
For future unknown instances, a solution is to create a launch template which enforces imdsv2 and then attach IAM policies to roles which launch instances to ensure imdsv2 is utilized (https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-launch-template-permissions.html#instance-metadata-requireIMDSv2).
In addition, if using control tower, there is a control that could be put in place to prevent launching without imdsv2: [CT.EC2.PR.1] Require an Amazon EC2 launch template to have IMDSv2 configured (https://docs.aws.amazon.com/controltower/latest/userguide/ec2-rules.html#ct-ec2-pr-1-description)
已回答 10 個月前
相關內容
- 已提問 7 個月前
- AWS 官方已更新 1 年前
- AWS 官方已更新 2 年前