EC2 Instance IMDSv2 Token is Optional

Tenacity Id

Risk Level

Categories

ec2-007

2

Last Updated:

April 21, 2022

EC2 instances that are not running Instance Metadata Service Version 2. Instance Metadata Service Version 2 (IMDSv2) provides additional protection for EC2 instances against open website application firewall open reverse proxies SSRF vulnerabilities and open layer 3 firewalls and NATs. EC2 instances should be configured with IMDSv2.