Difference between revisions of "IMDS versions"

From wikieduonline
 
(16 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
[[IMDS distinguishes between v1 and v2 requests by presence of headers]] <ref>https://d1.awsstatic.com/events/reinvent/2019/Security_best_practices_for_the_Amazon_EC2_instance_metadata_service_SEC310</ref>
 
[[IMDS distinguishes between v1 and v2 requests by presence of headers]] <ref>https://d1.awsstatic.com/events/reinvent/2019/Security_best_practices_for_the_Amazon_EC2_instance_metadata_service_SEC310</ref>
  
 +
 +
* IMDSv2 uses [[token-backed sessions]] <ref>https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-metadata-transition-to-version-2.html</ref> that expires after a maximum of six hours. <ref>https://docs.datadoghq.com/security/default_rules/aws-ec2-instance-ec2-instances-should-enforce-imdsv2/</ref>
 +
* [[MDSv1]] disabled in [[Amazon Linux 2023]]
 +
* [[Datadog: EC2 instances should enforce IMDSv2]]
 +
 +
 +
[[aws ec2 modify-instance-metadata-defaults --http-tokens]] required
 +
 +
== Activities ==
 +
* [[Transition to using Instance Metadata Service Version 2]]
 +
 +
== Related ==
 
* [[IMDSv2]]
 
* [[IMDSv2]]
 +
* [[Use IMDSv2]], [[Transition to using Instance Metadata Service Version 2]]
 +
* <code>[[aws ec2 modify-instance-metadata-options]]</code>
  
 
== See also ==
 
== See also ==
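
Review bot: the added bullet "* [[MDSv1]] disabled in [[Amazon Linux 2023]]" links to MDSv1, while every other line in this revision says IMDS or IMDSv2, so the link target looks like it is missing its leading "I"; suggest [[IMDSv1]]. In the added token-session bullet, "sessions ... that expires" should read "that expire". The added line "[[aws ec2 modify-instance-metadata-defaults --http-tokens]] required" leaves the value "required" outside the link and is not wrapped in <code> like the modify-instance-metadata-options entry under Related; suggest formatting both commands the same way. [[Transition to using Instance Metadata Service Version 2]] is also added twice, under Activities and under Related; one entry is enough.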

Latest revision as of 09:27, 28 June 2024
