Logging and monitoring

Enhanced instance metadata service (version 2) is not enforced

Risk Level

Informational (4)

Platform(s)

Description

The use of IMDSv2, the enhanced version of the Instance Metadata Service, is not enforced on all EC2 instances. IMDSv2 solves a lot of security issues in the original version (IMDSv1) by using session-based authentication. If an instance is still using IMDSv1, malicious actors can use compromised applications running inside it to gain unauthorized access to the metadata service.