Enhanced instance metadata service (IMDSv2) is not enforced

Logging and monitoring

Enhanced instance metadata service (IMDSv2) is not enforced

Platform(s)

Compliance Frameworks

AWS Foundational Security Best Practices Controls
CCPA
CPRA
HITRUST
iso_27001_2022
iso_27002_2022
Mitre ATT&CK
NIST 800-171
NIST 800-53
Orca Best Practices
PDPA
UK Cyber Essentials

Description

The use of IMDSv2, the enhanced version of the Instance Metadata Service, is not enforced on the EC2 instance {AwsEc2Instance} ({AwsEc2Instance.InstanceId}). IMDSv2 solves a lot of security issues in the original version (IMDSv1) by using session-based authentication. If an instance is still using IMDSv1, malicious actors can use compromised applications running inside it to gain unauthorized access to the metadata service.

Enhanced instance metadata service (IMDSv2) is not enforced

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS