High EC2 Regional

Amazon EC2 instances should use Instance Metadata Service Version 2 (IMDSv2)

NIST

Description

Checks whether Amazon EC2 instances are using IMDSv2.


Remediation

To comply with this control, ensure that Amazon EC2 instances use Instance Metadata Service Version 2 (IMDSv2). Modify the instance metadata options to enforce the use of IMDSv2.

Steps

  1. Sign in to the AWS Management Console and open the EC2 console at https://console.aws.amazon.com/ec2/.
  2. In the EC2 console, click on 'Instances' in the left navigation pane.
  3. Select the instance you want to modify.
  4. Click on 'Actions', then 'Instance Settings', and select 'View/Change Instance Metadata'.
  5. In the 'Instance Metadata' dialog, set 'Metadata version' to 'V2'.
  6. Enable 'Enforce IMDSv2' by checking the box.
  7. Click on 'Save' to apply the changes.
  8. Verify that the instance is now using IMDSv2 by checking the instance metadata settings.
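The same check and remediation carried out through the EC2 API rather than the console, as an added example that is not part of this control page: the check reads MetadataOptions.HttpTokens from a DescribeInstances response (a constructed sample with made-up instance IDs is embedded), and the remediation issues ModifyInstanceMetadataOptions with HttpTokens=required, which is the setting the console's 'Enforce IMDSv2' checkbox applies. The ec2_client parameter is assumed to be a boto3 EC2 client.

```python
# Added example: check and remediate IMDSv2 enforcement via the EC2 API
# (the console steps above map to ModifyInstanceMetadataOptions, HttpTokens=required).
from typing import Any

# Constructed sample of a DescribeInstances response; instance IDs are made up.
SAMPLE_DESCRIBE_RESPONSE = {
    "Reservations": [{"Instances": [
        {"InstanceId": "i-0aaaaaaaaaaaaaaa1", "State": {"Name": "running"},
         "MetadataOptions": {"HttpTokens": "optional", "HttpEndpoint": "enabled"}},
        {"InstanceId": "i-0bbbbbbbbbbbbbbb2", "State": {"Name": "running"},
         "MetadataOptions": {"HttpTokens": "required", "HttpEndpoint": "enabled"}},
        {"InstanceId": "i-0ccccccccccccccc3", "State": {"Name": "terminated"},
         "MetadataOptions": {"HttpTokens": "optional", "HttpEndpoint": "enabled"}},
    ]}]
}

def imdsv1_capable_instances(describe_response: dict[str, Any]) -> list[str]:
    """Return IDs of live instances whose metadata service still accepts IMDSv1.

    IMDSv2 is enforced only when HttpTokens == "required"; "optional" lets
    token-less IMDSv1 GETs through. Terminated instances are skipped because
    they cannot be modified.
    """
    findings: list[str] = []
    for reservation in describe_response.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            if inst.get("State", {}).get("Name") == "terminated":
                continue
            tokens = inst.get("MetadataOptions", {}).get("HttpTokens", "optional")
            if tokens != "required":
                findings.append(inst["InstanceId"])
    return findings

def enforce_imdsv2(ec2_client: Any, instance_ids: list[str]) -> list[str]:
    """Apply the console's 'Enforce IMDSv2' setting through the API.

    ec2_client is assumed to be a boto3 EC2 client, e.g. boto3.client("ec2").
    Returns the IDs for which the service confirmed HttpTokens == "required".
    """
    fixed: list[str] = []
    for instance_id in instance_ids:
        resp = ec2_client.modify_instance_metadata_options(
            InstanceId=instance_id,
            HttpTokens="required",   # reject metadata requests without a session token
            HttpEndpoint="enabled",  # keep IMDS reachable for IMDSv2 callers
        )
        if resp.get("InstanceMetadataOptions", {}).get("HttpTokens") == "required":
            fixed.append(instance_id)
    return fixed
```

Against a real account, feed the output of `describe_instances()` (paginated for large fleets) to `imdsv1_capable_instances` and pass the returned IDs to `enforce_imdsv2` with the same client; the State field of the ModifyInstanceMetadataOptions response stays "pending" briefly before the instance reports the new setting.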

Compliance

NIST