ECS instance metadata access uses security-enhanced mode (IMDSv2)
ID: rule:aliyun:ecs-instance-meta-data-mode-check
Severity: medium
Description
An ECS instance is considered compliant when security-enhanced mode (IMDSv2) is enforced for access to its instance metadata. Instances associated with ACK clusters are not applicable.
Reason for Violation
ECS instance metadata is accessible without security-enhanced mode, that is, through IMDSv1.
Recommendation
Set HttpEndpoint to 'enabled' and HttpTokens to 'required' to enforce IMDSv2.
Resource Types
ALIYUN::ECS::Instance
ALIYUN::ECS::InstanceGroup
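The following is an added example, not the rule engine's own code, of how this check could be evaluated over a resource template before deployment. Assumptions: the `Resources`/`Type`/`Properties` template layout, the `ack.aliyun.com` tag used here to recognise ACK nodes, the defaults applied when a property is omitted, and the `needs_review` status for a disabled endpoint, which the rule text does not cover.

```python
# Added example, not the rule engine's code. Evaluates template resources
# against the check described on this page.
TARGET_TYPES = {"ALIYUN::ECS::Instance", "ALIYUN::ECS::InstanceGroup"}
ACK_TAG_KEY = "ack.aliyun.com"  # assumption: hypothetical tag marking ACK nodes


def _setting(props, key, default):
    """Return the property lower-cased, or the assumed default when omitted."""
    value = props.get(key)
    return str(default if value is None else value).strip().lower()


def evaluate(resource):
    """Return (status, reason) for a single template resource."""
    if resource.get("Type") not in TARGET_TYPES:
        return ("not_applicable", "resource type not covered")
    props = resource.get("Properties") or {}
    if any(t.get("Key") == ACK_TAG_KEY for t in props.get("Tags") or []):
        return ("not_applicable", "associated with an ACK cluster")
    endpoint = _setting(props, "HttpEndpoint", "enabled")  # assumed default
    tokens = _setting(props, "HttpTokens", "optional")     # assumed default
    if endpoint != "enabled":
        # The rule text does not say how a disabled endpoint is treated.
        return ("needs_review", f"HttpEndpoint is '{endpoint}'")
    if tokens == "required":
        return ("compliant", "IMDSv2 enforced")
    return ("violation", f"HttpTokens is '{tokens}', IMDSv1 requests are accepted")


def scan(template):
    """Map each resource name in a template to its (status, reason)."""
    return {n: evaluate(r) for n, r in (template.get("Resources") or {}).items()}


# Constructed sample template (resource names and values are made up).
SAMPLE = {"Resources": {
    "Web": {"Type": "ALIYUN::ECS::Instance",
            "Properties": {"HttpEndpoint": "enabled", "HttpTokens": "required"}},
    "Legacy": {"Type": "ALIYUN::ECS::Instance", "Properties": {}},
    "Batch": {"Type": "ALIYUN::ECS::InstanceGroup",
              "Properties": {"HttpTokens": "Optional"}},
    "K8sNode": {"Type": "ALIYUN::ECS::Instance",
                "Properties": {"Tags": [{"Key": ACK_TAG_KEY, "Value": "c-demo"}]}},
    "Bucket": {"Type": "ALIYUN::OSS::Bucket", "Properties": {}},
}}

if __name__ == "__main__":
    for name, (status, reason) in scan(SAMPLE).items():
        print(f"{name:8} {status:15} {reason}")
```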