Aqua CSPM

Insecure EC2 Metadata Options

Quick Info

Plugin TitleInsecure EC2 Metadata Options
CloudAWS
CategoryEC2
DescriptionEnsures EC2 instance metadata is updated to require HttpTokens or disable HttpEndpoint
More InfoThe new EC2 metadata service prevents SSRF attack escalations from accessing the sensitive instance metadata endpoints.
AWS Linkhttps://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#configuring-instance-metadata-service
Recommended ActionUpdate instance metadata options to use IMDSv2

Detailed Remediation Steps