MEDIUM
Source
CloudSploit
ID
legacy-metadata-endpoint-disabled

Legacy Metadata Endpoint Disabled

Ensure that compute instances are configured with Legacy MetaData service (IMDSv1) endpoints disabled.

For best security practices, it is recommended that the compute instances should be configured with legacy v1 endpoints (Instance Metadata Service v1) disabled, and use Instance Metadata Service v2 instead.

Ensure all compute instances are configured to use IMDSv2.