- 最新
- 最多得票
- 最多評論
To inspect suspicious traffic to the instance metadata service, I would check VPC Flow Logs. Those would have network connectivity that you could see if there are suspicious network traffic to the EC2 instance metadata service.
AWS GuardDuty comes with a VPC Flow Log Finding: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#unauthorizedaccess-ec2-metadatadnsrebind (Keep in mind AWS GuardDuty does have a cost associated with the service: https://aws.amazon.com/guardduty/pricing/).
I would also recommend using IMDSv2 if possible which is a session-based method compared to request/response of IMDSv1: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html
VPC Flow Logs: https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html
相關內容
- 已提問 6 個月前
- 已提問 6 個月前
- 已提問 1 年前
AWS 官方已更新 3 年前- AWS 官方已更新 1 年前
- AWS 官方已更新 1 年前