Auto Scaling group launch configuration should configure EC2 instances to require IMDSv2

Description

This control verifies whether an Amazon EC2 Auto Scaling launch configuration enforces version 2 of the Instance Metadata Service (IMDS). The control fails if the http_tokens field in the metadata_options settings is not set to required.

IMDSv2 introduces important additional security features that enhance the protection of your EC2 instances compared to IMDSv1.
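The following added example (not part of the original page or of the product's own rule code) applies the pass/fail logic described above to launch configuration records. It assumes the JSON shape returned by `aws autoscaling describe-launch-configurations`, where the field is spelled MetadataOptions.HttpTokens; the sample records and function names are constructed for illustration.

```python
import json

# Constructed sample in the shape returned by
# `aws autoscaling describe-launch-configurations` (names are made up).
SAMPLE_RESPONSE = json.loads("""
{
  "LaunchConfigurations": [
    {"LaunchConfigurationName": "web-v2-only",
     "MetadataOptions": {"HttpTokens": "required", "HttpEndpoint": "enabled"}},
    {"LaunchConfigurationName": "web-v1-allowed",
     "MetadataOptions": {"HttpTokens": "optional", "HttpEndpoint": "enabled"}},
    {"LaunchConfigurationName": "legacy-no-metadata-options"},
    {"LaunchConfigurationName": "batch-null-options", "MetadataOptions": null}
  ]
}
""")


def evaluate_launch_configuration(lc):
    """Return (passed, reason) for one launch configuration record."""
    # Treat a missing or null MetadataOptions block as "nothing configured".
    options = lc.get("MetadataOptions") or {}
    tokens = options.get("HttpTokens")
    if tokens == "required":
        return True, "HttpTokens is required (IMDSv2 enforced)"
    if tokens is None:
        # No explicit setting: the field is not set to required, so it fails.
        return False, "HttpTokens is not set"
    return False, f"HttpTokens is {tokens!r}, expected 'required'"


def failing_launch_configurations(response):
    """Map name -> reason for every launch configuration that fails."""
    findings = {}
    for lc in response.get("LaunchConfigurations", []):
        passed, reason = evaluate_launch_configuration(lc)
        if not passed:
            findings[lc["LaunchConfigurationName"]] = reason
    return findings


if __name__ == "__main__":
    for name, reason in failing_launch_configurations(SAMPLE_RESPONSE).items():
        print(f"FAIL {name}: {reason}")
```

Records with no metadata options block at all are reported as failing, because the field is not set to required.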

Remediation

For guidance on creating secure Auto Scaling launch configurations, refer to the Configure the instance metadata options section of the Amazon EC2 Auto Scaling User Guide.
