ECS instance metadata access uses security-enhanced mode (IMDSv2)
ID: rule:aliyun:ecs-instance-meta-data-mode-check
Severity: medium
IaC Types: ROS, Terraform
Description
An ECS instance is considered compliant when security-enhanced mode (IMDSv2) is enforced for access to its instance metadata. Instances associated with ACK clusters are not applicable.
Reason for Violation
ECS instance metadata is accessible without security-enhanced mode, that is, over IMDSv1.
Recommendation
Set HttpEndpoint to 'enabled' and HttpTokens to 'required' to enforce IMDSv2
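The recommendation applied to the Terraform resource type this rule covers, with the weak setting beside the enforced one. This is an added example, not part of the original rule page or the scanner's own test data. It assumes the alicloud provider's `http_endpoint` and `http_tokens` arguments as the Terraform counterparts of HttpEndpoint and HttpTokens; all names and IDs are constructed placeholders.

```hcl
# Non-compliant: the metadata endpoint is enabled but tokens are optional,
# so token-less IMDSv1 requests are still answered.
resource "alicloud_instance" "imdsv1_allowed" {
  instance_name   = "example-imdsv1"   # constructed name
  image_id        = "example-image-id" # placeholder
  instance_type   = "ecs.example.type" # placeholder
  security_groups = ["sg-example"]     # placeholder
  vswitch_id      = "vsw-example"      # placeholder

  http_endpoint = "enabled"
  http_tokens   = "optional"
}

# Compliant: every metadata request must carry a session token (IMDSv2).
resource "alicloud_instance" "imdsv2_enforced" {
  instance_name   = "example-imdsv2"   # constructed name
  image_id        = "example-image-id" # placeholder
  instance_type   = "ecs.example.type" # placeholder
  security_groups = ["sg-example"]     # placeholder
  vswitch_id      = "vsw-example"      # placeholder

  http_endpoint = "enabled"
  http_tokens   = "required"
}
```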
Resource Types
- ROS: ALIYUN::ECS::Instance
- ROS: ALIYUN::ECS::InstanceGroup
- Terraform: alicloud_instance