Difference between revisions of "IMDS versions"
Jump to navigation
Jump to search
↑ https://d1.awsstatic.com/events/reinvent/2019/Security_best_practices_for_the_Amazon_EC2_instance_metadata_service_SEC310
↑ https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-metadata-transition-to-version-2.html
↑ https://docs.datadoghq.com/security/default_rules/aws-ec2-instance-ec2-instances-should-enforce-imdsv2/
(One intermediate revision by the same user not shown) | |||
Line 7: | Line 7: | ||
− | [[aws ec2 modify-instance-metadata-defaults]] | + | [[aws ec2 modify-instance-metadata-defaults --http-tokens]] required |
+ | |||
+ | == Activities == | ||
+ | * [[Transition to using Instance Metadata Service Version 2]] | ||
== Related == | == Related == |
Latest revision as of 09:27, 28 June 2024
IMDS distinguishes between v1 and v2 requests by presence of headers [1]
- IMDSv2 uses token-backed sessions [2] that expires after a maximum of six hours. [3]
- MDSv1 disabled in Amazon Linux 2023
- Datadog: EC2 instances should enforce IMDSv2
aws ec2 modify-instance-metadata-defaults --http-tokens required
Activities[edit]
Related[edit]
- IMDSv2
- Use IMDSv2, Transition to using Instance Metadata Service Version 2
aws ec2 modify-instance-metadata-options
See also[edit]
- IMDS, IMDS versions (IMDSv2), IMDS initiate session,
ec2-imdsv2-check, aws ec2 modify-instance-metadata-options, /latest/meta-data, /latest/user-data, modify-instance-metadata-defaults
Advertising: