Medium

Ensure EC2 instances use Instance Metadata Service Version 2 (IMDSv2)

Security & Compliance
Description

The Instance Metadata Service (IMDS) is a service provided by Amazon Web Services (AWS) that allows EC2 instances to retrieve information about themselves and their environment. Instance Metadata Service Version 2 (IMDSv2) is the latest version of this service, which provides enhanced security features to protect against potential security vulnerabilities. IMDSv2 introduces a number of security features, including mutual Transport Layer Security (TLS) authentication, shorter timeouts, and instance profile signature version 4. These features help protect against potential attacks, such as the exploitation of EC2 instance metadata to gain unauthorized access to sensitive information or resources. By ensuring that your EC2 instances are using IMDSv2, you can help protect your AWS environment and applications from potential security vulnerabilities.‍

Remediation

If you have determined that your EC2 instances are not using Instance Metadata Service Version 2 (IMDSv2), it is important to take immediate remediation steps to ensure that your instances are secure. Here are some steps you can take:

  1. Enable IMDSv2: The first step is to enable IMDSv2 on your EC2 instances. You can do this by updating your instance metadata configuration to require IMDSv2, or by using the AWS CLI or SDK to enable IMDSv2 on your instances.
  2. Update applications: Once you have enabled IMDSv2, you should update your applications to use the new IMDSv2 endpoint. This may require changes to your application code or configuration, depending on how your applications are currently accessing instance metadata.
  3. Verify configuration: After enabling IMDSv2 and updating your applications, you should verify that your instances are using IMDSv2 by testing metadata requests. You can use tools like curl or the EC2 Instance Metadata Query Tool to test metadata requests and verify that they are using IMDSv2.
  4. Update security policies: Finally, you should update your security policies to ensure that all new EC2 instances are using IMDSv2. This can include updating your company's security guidelines, creating templates for EC2 instances that enforce the use of IMDSv2, and training your team on best practices for EC2 security.

By following these remediation steps and enabling IMDSv2 on your EC2 instances, you can help ensure that your instances are using the latest security features to protect against potential security vulnerabilities.

Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.

Step into the Future of SecOps