github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/aws/ec2/AVD-AWS-0028/docs.md (about)

IMDSv2 (Instance Metadata Service version 2) introduced session authentication tokens, which improve security when talking to IMDS.
By default, the <code>aws_instance</code> resource sets IMDS session auth tokens to be optional.
To fully protect IMDS, enable session tokens by setting the <code>http_tokens</code> argument to <code>required</code> in the <code>metadata_options</code> block.
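
The weak and corrected settings side by side, as an added Terraform example that is not part of the original defsec documentation. The resource names, AMI ID and instance type are placeholders, and the hop limit line is extra hardening that the page itself does not discuss.

```hcl
# Added example with constructed values; not taken from the defsec repository.

# Non-compliant: no metadata_options block, so session tokens stay optional
# and token-less (IMDSv1-style) requests are still answered.
resource "aws_instance" "imds_default" {
  ami           = "ami-00000000000000000" # placeholder AMI ID
  instance_type = "t3.micro"              # placeholder instance type
}

# Non-compliant: the block is present, but tokens are explicitly optional.
resource "aws_instance" "imds_optional" {
  ami           = "ami-00000000000000000" # placeholder AMI ID
  instance_type = "t3.micro"

  metadata_options {
    http_tokens = "optional"
  }
}

# Compliant: every metadata request must carry a session token.
resource "aws_instance" "imds_required" {
  ami           = "ami-00000000000000000" # placeholder AMI ID
  instance_type = "t3.micro"

  metadata_options {
    http_endpoint = "enabled"  # keep IMDS reachable from the instance
    http_tokens   = "required" # the setting this check looks for

    # Additional hardening (assumption, not part of this check): a hop
    # limit of 1 stops the token response from travelling past the
    # instance itself. Containerised workloads may need 2.
    http_put_response_hop_limit = 1
  }
}
```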

### Impact
Instance metadata service can be interacted with freely

<!-- DO NOT CHANGE -->
{{ remediationActions }}

### Links
- https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service