Use Case - Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is.
Require the use of IMDSv2
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "RequireImdsV2",
      "Effect": "Deny",
      "Action": "ec2:RunInstances",
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "StringNotEquals": {
          "ec2:MetadataHttpTokens": "required"
        }
      }
    }
  ]
}
Specify maximum hop limit
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "MaxImdsHopLimit",
      "Effect": "Deny",
      "Action": "ec2:RunInstances",
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "NumericGreaterThan": {
          "ec2:MetadataHttpPutResponseHopLimit": "3"
        }
      }
    }
  ]
}
Require role credentials to be retrieved from IMDSv2
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "RequireAllEc2RolesToUseV2",
      "Effect": "Deny",
      "Action": "*",
      "Resource": "*",
      "Condition": {
        "NumericLessThan": {
          "ec2:RoleDelivery": "2.0"
        }
      }
    }
  ]
}
Limit who can modify the instance metadata options
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowOnlyImdsAdminsToModifySettings",
      "Effect": "Deny",
      "Action": "ec2:ModifyInstanceMetadataOptions",
      "Resource": "*",
      "Condition": {
        "StringNotLike": {
          "aws:PrincipalARN": "arn:aws:iam::*:role/ec2-imds-admins"
        }
      }
    }
  ]
}
Expected Outcome - Describe the solution you'd like
A clear and concise description of what you want to happen.
Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.
Affected AWS resource
Mention the AWS resources which are affected
Impact
High: The issue makes a service level improvement which affects all users of AWS
Medium: Single feature which affects a single functionality which is optionally enabled in the AWS service
Low: Niche use case which is particularly affecting the AWS resources if it is configured in a certain way
Supported material
Can be either logs, screenshots or documentation links which provide evidence of need of this issue
I can contribute: Yes/No
If you are able to contribute towards resolving this request.
Additional context
Add any other context or screenshots about the feature request here.
Pull Request number
If a pull request has already been created.
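An added example, not part of the original issue and not AWS code: a small Python model of how the four Deny statements under "Use Case" evaluate, including IAM's rule that a negated operator (StringNotEquals, StringNotLike) matches when the condition key is absent from the request. Resource matching is not modelled, the account ID and the developer role are constructed, and condition_true and denied_by are hypothetical helper names.

```python
import fnmatch

# Deny conditions from the four policies in this issue: (Sid, Action, operator, key, value).
# Wildcards are written as "*" (assumed wherever the page shows an empty field).
DENY_RULES = [
    ("RequireImdsV2", "ec2:RunInstances",
     "StringNotEquals", "ec2:MetadataHttpTokens", "required"),
    ("MaxImdsHopLimit", "ec2:RunInstances",
     "NumericGreaterThan", "ec2:MetadataHttpPutResponseHopLimit", "3"),
    ("RequireAllEc2RolesToUseV2", "*",
     "NumericLessThan", "ec2:RoleDelivery", "2.0"),
    ("AllowOnlyImdsAdminsToModifySettings", "ec2:ModifyInstanceMetadataOptions",
     "StringNotLike", "aws:PrincipalARN", "arn:aws:iam::*:role/ec2-imds-admins"),
]

def condition_true(op, key, expected, ctx):
    """Evaluate one condition; a missing key matches only negated operators."""
    if key not in ctx:
        return op in ("StringNotEquals", "StringNotLike")
    actual = ctx[key]
    if op == "StringNotEquals":
        return actual != expected
    if op == "StringNotLike":
        return not fnmatch.fnmatchcase(actual, expected)
    if op == "NumericGreaterThan":
        return float(actual) > float(expected)
    if op == "NumericLessThan":
        return float(actual) < float(expected)
    raise ValueError(f"unsupported operator: {op}")

def denied_by(action, ctx):
    """Return the Sids whose Deny statement matches this action and request context."""
    return [sid for sid, act, op, key, val in DENY_RULES
            if fnmatch.fnmatchcase(action, act) and condition_true(op, key, val, ctx)]

# Constructed principals (placeholder account ID, not from the issue).
ADMIN = "arn:aws:iam::111122223333:role/ec2-imds-admins"
DEV = "arn:aws:iam::111122223333:role/developer"

if __name__ == "__main__":
    # Launch that leaves IMDSv1 enabled: denied by RequireImdsV2.
    print(denied_by("ec2:RunInstances", {"ec2:MetadataHttpTokens": "optional"}))
    # Hop limit not present in the request: MaxImdsHopLimit does not fire.
    print(denied_by("ec2:RunInstances", {"ec2:MetadataHttpTokens": "required"}))
    # Non-admin role changing metadata options: denied.
    print(denied_by("ec2:ModifyInstanceMetadataOptions", {"aws:PrincipalARN": DEV}))
```

The positive numeric operators do nothing when their key is missing, so MaxImdsHopLimit only constrains requests that carry a hop limit, and RequireAllEc2RolesToUseV2 leaves credentials that are not EC2 role credentials untouched.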