ASG Launch Configuration IMDSv2 Not Configured

Tenacity Id

Risk Level

Categories

asg-010

4

Last Updated:

April 21, 2022

Auto Scaling Group (ASG) is configured to launch EC2 instances that are not running Instance Metadata Service Version 2. Instance Metadata Service Version 2 (IMDSv2) provides additional protection for EC2 instances against open website application firewall open reverse proxies SSRF vulnerabilities and open layer 3 firewalls and NATs. ASGs should be configured to launch EC2 instances with IMDSv2.