Low | EC2 | Regional

EC2 launch templates should use Instance Metadata Service Version 2 (IMDSv2)


Description

This check verifies whether the default version of an Amazon EC2 launch template is configured to require Instance Metadata Service Version 2 (IMDSv2). The check fails if HttpTokens is set to optional, which still allows IMDSv1 (token-less) requests to the metadata endpoint.

Remediation

To enable IMDSv2 for your EC2 launch templates, set the HttpTokens parameter to 'required' in the metadata options of the launch template's default version. Existing versions are immutable, so this means creating a new version with the corrected setting and making it the default.

Steps

  1. Open the Amazon EC2 console
  2. Navigate to Launch Templates
  3. Select the launch template you want to modify and click on the default version
  4. In the Advanced details section, expand 'Metadata options'
  5. Set 'Metadata access' to 'Required (IMDSv2)'
  6. Save the changes to the launch template
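The same check and fix expressed in code, as an added example that is not part of the original page: it evaluates a launch template over a constructed sample shaped like `describe-launch-template-versions` output (a real run would fetch this with boto3) and builds the `--launch-template-data` JSON for a remediated version; treating a missing HttpTokens as FAIL is this example's own conservative choice.

```python
import json

# Constructed sample mirroring describe-launch-template-versions output:
# version 1 is compliant, but version 2 is the default and still accepts
# IMDSv1 (HttpTokens=optional), so the template as a whole fails.
SAMPLE_VERSIONS = [
    {"VersionNumber": 1, "DefaultVersion": False,
     "LaunchTemplateData": {"MetadataOptions": {"HttpTokens": "required"}}},
    {"VersionNumber": 2, "DefaultVersion": True,
     "LaunchTemplateData": {"MetadataOptions": {"HttpTokens": "optional",
                                                 "HttpEndpoint": "enabled"}}},
]


def default_version(versions):
    """Return the version flagged DefaultVersion, the one new launches use."""
    for v in versions:
        if v.get("DefaultVersion"):
            return v
    raise ValueError("launch template has no default version")


def check_imdsv2(versions):
    """Evaluate one launch template; returns (status, detail).

    FAIL when the default version has HttpTokens=optional (IMDSv1 accepted).
    A default version with no HttpTokens at all is also FAIL here (example's
    assumption): the template enforces nothing and the AMI/account default wins.
    """
    v = default_version(versions)
    md = v.get("LaunchTemplateData", {}).get("MetadataOptions", {})
    tokens = md.get("HttpTokens")
    if tokens == "required":
        return "PASS", f"version {v['VersionNumber']} requires IMDSv2 tokens"
    if tokens == "optional":
        return "FAIL", f"version {v['VersionNumber']} has HttpTokens=optional"
    return "FAIL", f"version {v['VersionNumber']} does not set HttpTokens"


def remediation_data(version):
    """JSON --launch-template-data for a new version that enforces IMDSv2.

    Pass it to create-launch-template-version with --source-version so all
    other settings are inherited, then modify-launch-template --default-version.
    """
    md = dict(version.get("LaunchTemplateData", {}).get("MetadataOptions", {}))
    md["HttpTokens"] = "required"
    md.setdefault("HttpEndpoint", "enabled")  # keep IMDS reachable, v2 only
    return json.dumps({"MetadataOptions": md})
```

Only the default version is evaluated, so a compliant older version (version 1 above) does not make the template pass.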

Compliance

PCI DSS v4.0.1, PCI DSS v2.2.6