
Why should you use IMDSv2 and not IMDS on AWS EC2

The Instance Metadata Service (IMDS) is a feature of Amazon Web Services (AWS) Elastic Compute Cloud (EC2) instances that provides a way for an EC2 instance to learn about itself and its environment. IMDS gives you access to data about your EC2 instance, which you can use to configure or manage the running instance.

There are two versions of IMDS: IMDSv1 and IMDSv2.

IMDSv2 is the latest version of the service and was introduced to address several security concerns with IMDSv1. Unlike IMDSv1, IMDSv2 is protected by a session token that is obtained using instance credentials, making it much more secure. Because the token must be requested with a PUT before any metadata can be read, a single forwarded GET, which is all a typical SSRF or misconfigured-proxy bug can produce, no longer returns anything.

Important information about IMDSv2:

  • There is no limit to the number of tokens.
  • There is no limit to the number of sessions.
  • The new version is still limited by normal IMDS connection and throttling limits.
  • Sessions can last up to six hours, that is, up to 21600 seconds.

Let's go deeper. First, generate a token with the following command:

```bash
# Request a session token; the TTL header sets how long it stays valid (max 21600 s)
TOKEN=$(curl -X PUT "" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
```

Now you can use the token, for example with the following command:

```bash
# Read metadata with the session token attached; a request without it is refused
curl -H "X-aws-ec2-metadata-token: $TOKEN" -v
```
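The token flow that the two curl commands perform, as an added example that is not part of the original post: a Python client runs the PUT-then-GET exchange against an in-process stand-in for the metadata endpoint, constructed here so the exchange can be run offline. The /latest/api/token path, the two header names and the 21600-second cap are AWS's documented values; the stand-in server and the instance ID it returns are made up.

```python
import secrets, time, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
from threading import Thread

MAX_TTL = 21600  # IMDSv2 caps a session at six hours (the page's 21600 seconds)
TOKENS = {}      # constructed server state: token -> expiry timestamp
TOKEN_HDR, TTL_HDR = "X-aws-ec2-metadata-token", "X-aws-ec2-metadata-token-ttl-seconds"

class FakeIMDS(BaseHTTPRequestHandler):
    """Constructed stand-in for 169.254.169.254 that applies the IMDSv2 rules."""
    def log_message(self, *args): pass  # keep the demo output quiet
    def do_PUT(self):  # token request, as in the page's first curl command
        ttl = self.headers.get(TTL_HDR, "")
        if self.path != "/latest/api/token" or not ttl.isdigit() or not 1 <= int(ttl) <= MAX_TTL:
            return self._reply(400, "")  # the real service also rejects a TTL outside 1..21600
        token = secrets.token_urlsafe(32)
        TOKENS[token] = time.time() + int(ttl)
        self._reply(200, token)
    def do_GET(self):  # metadata read, as in the page's second curl command
        token = self.headers.get(TOKEN_HDR)
        if token not in TOKENS or TOKENS[token] < time.time():
            return self._reply(401, "")  # an IMDSv1-style GET with no token is refused
        self._reply(200, "i-0123456789abcdef0" if self.path == "/latest/meta-data/instance-id" else "")
    def _reply(self, code, body):
        self.send_response(code)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body.encode())

def start_fake_imds():  # bind the stand-in to a free localhost port and return its base URL
    srv = HTTPServer(("127.0.0.1", 0), FakeIMDS)
    Thread(target=srv.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{srv.server_port}"

def _request(method, url, headers):  # returns (status, body); HTTP errors become (code, "")
    try:
        with urllib.request.urlopen(urllib.request.Request(url, method=method, headers=headers), timeout=2) as r:
            return r.status, r.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, ""

def get_token(base, ttl=MAX_TTL):  # step 1: PUT with the TTL header (the page's TOKEN=... line)
    return _request("PUT", base + "/latest/api/token", {TTL_HDR: str(ttl)})

def get_metadata(base, path, token):  # step 2: GET with the session token (the page's second curl)
    return _request("GET", base + "/latest/meta-data/" + path, {TOKEN_HDR: token})

if __name__ == "__main__":
    base = start_fake_imds()
    print(get_metadata(base, "instance-id", ""))                  # (401, '') -> no token, refused
    print(get_metadata(base, "instance-id", get_token(base)[1]))  # (200, 'i-0123456789abcdef0')
```

Against a real instance, replace the base URL with the metadata endpoint and drop the stand-in; the client functions are unchanged.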

If you are interested in the topic, you will learn more about IMDS from my video:

or from my blog:

Information about EC2 from EC2 - IMDS & IMDSv2

In this article you will learn how to get the instance ID, the AMI ID and other EC2 information from within an EC2 instance. I'll show you two ways to do it, tell you about the best practices and give you good advice. This is extremely helpful when you're creating a script or getting started with automation. You will also learn the differences between IMDS and IMDSv2.

