Difference between revisions of "Datadog: EC2 instances should enforce IMDSv2"

• https://docs.datadoghq.com/security/default_rules/aws-ec2-instance-ec2-instances-should-enforce-imdsv2/

This adds protection against

• Misconfigured-open website application firewalls
• Misconfigured-open reverse proxies
• Unpatched Server Side Request Forgery (SSRF) vulnerabilities
• Misconfigured-open layer-3 firewalls and network address translation

Related

• aws_instance

See also

• Datadog security: Cloud SIEM, Cloud Security Management (CSM)
• IMDS, IMDS versions (IMDSv2), IMDS initiate session, ec2-imdsv2-check, aws ec2 modify-instance-metadata-options, /latest/meta-data, /latest/user-data, modify-instance-metadata-defaults