Ensure IMDSv1 is disabled for AWS EC2 instances

HIGH

Description

AWS EC2 instances that still accept IMDSv1 requests expose the Instance Metadata Service to server side request forgery (SSRF). IMDSv1 answers any plain HTTP GET to 169.254.169.254, so an SSRF bug in an application running on the instance can be used to read the temporary IAM role credentials under /latest/meta-data/iam/security-credentials/. IMDSv2 requires a session token obtained with a PUT request and a custom header, which typical SSRF primitives cannot issue, and it drops requests carrying an X-Forwarded-For header.

Remediation

In AWS Console -

  1. When launching a new instance in the Amazon EC2 console, select the following options on the Configure Instance Details page:
    a. Under Advanced Details, for Metadata accessible, select Enabled (the service itself stays on; only IMDSv1 is turned off).
    b. For Metadata version, select V2 (token required).

In Terraform -

  1. For the aws_instance resource, leave the metadata_options.http_endpoint field set to enabled (the default) so the instance can still reach IMDSv2; setting it to disabled turns the metadata service off entirely, which is a different control.
  2. Set the metadata_options.http_tokens field to required. The provider default is optional, which accepts both IMDSv1 and IMDSv2 requests.
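
The following Terraform configuration is an added example and is not part of the original policy page. It places the non-compliant provider default beside the hardened metadata_options block described above; the resource names, AMI ID and instance type are placeholders.

```hcl
# Added example, not from the original page. The AMI ID, instance type
# and resource names are placeholders.

# Non-compliant: http_tokens defaults to "optional", so token-less
# IMDSv1 GETs still succeed and an SSRF in any application on the host
# can fetch the role credentials from
# http://169.254.169.254/latest/meta-data/iam/security-credentials/
resource "aws_instance" "imdsv1_allowed" {
  ami           = "ami-0123456789abcdef0" # placeholder
  instance_type = "t3.micro"

  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "optional" # IMDSv1 and IMDSv2 both accepted
  }
}

# Compliant: the metadata service stays reachable (http_endpoint is
# "enabled", matching the console remediation), but every request must
# carry a session token obtained with a PUT, which plain SSRF
# primitives generally cannot issue.
resource "aws_instance" "imdsv2_only" {
  ami           = "ami-0123456789abcdef0" # placeholder
  instance_type = "t3.micro"

  metadata_options {
    http_endpoint               = "enabled"
    http_tokens                 = "required"
    # Keep the token response from being relayed beyond the instance
    # itself. Raise to 2 only if containers on the host need IMDS.
    http_put_response_hop_limit = 1
  }
}
```

The same metadata_options block, with identical field names, applies to aws_launch_template, so instances started by an Auto Scaling group are covered by setting http_tokens = "required" there rather than on individual aws_instance resources. After apply, confirm the change with aws ec2 describe-instances and check that MetadataOptions.HttpTokens reports required.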

References:
https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/configuring-instance-metadata-service.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/instance#metadata_options

Policy Details

Rule Reference ID: AC_AWS_0154
CSP: AWS
Remediation Available: Yes
Resource: aws_instance
Resource Category: Compute

Frameworks