The Instance Metadata Service (IMDS) allows EC2 instances to access metadata about themselves, such as instance ID, IP address, AMI ID and more.
IMDSv1 is the older method and AWS no longer recommends it. A single GET request returns the metadata:
curl http://169.254.169.254/latest/meta-data/instance-id
IMDSv2 is the more secure way to access instance metadata on EC2 and is the method AWS recommends. It has built-in protections against common types of metadata service exploitation, and it allows more granular control over access to instance metadata, which helps reduce the risk of unauthorized access. With IMDSv2 you first request a session token with a PUT request, then send that token in a header on the metadata request:
TOKEN=$(curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
curl -H "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/meta-data/instance-id
Overall, using IMDSv2 on EC2 instances in AWS Cloud can help improve the security of your applications and data, and is therefore worth considering if you are using EC2 instances in your infrastructure.
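To find instances that still accept IMDSv1 requests, you can check the MetadataOptions that `aws ec2 describe-instances` reports for each instance. The script below is an added example, not code from the original post; the sample JSON and instance IDs are constructed, and the status labels are names chosen for this example.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-instances` output.
# The instance IDs are made up for this example.
SAMPLE = """
{"Reservations": [
  {"Instances": [
    {"InstanceId": "i-0aaaaaaaaaaaaaaa1",
     "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional"}},
    {"InstanceId": "i-0aaaaaaaaaaaaaaa2",
     "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required"}}]},
  {"Instances": [
    {"InstanceId": "i-0aaaaaaaaaaaaaaa3",
     "MetadataOptions": {"HttpEndpoint": "disabled", "HttpTokens": "optional"}},
    {"InstanceId": "i-0aaaaaaaaaaaaaaa4"}]}
]}
"""

def classify(instance):
    """Return the IMDS exposure of one instance record."""
    opts = instance.get("MetadataOptions")
    if not opts:
        return "unknown"            # no data: treat as unverified
    if opts.get("HttpEndpoint") == "disabled":
        return "imds-disabled"      # metadata service is off entirely
    if opts.get("HttpTokens") == "required":
        return "v2-only"            # token-less (IMDSv1) requests are rejected
    return "v1-allowed"             # HttpTokens=optional still serves IMDSv1

def audit(describe_output):
    """Group instance IDs by IMDS status across all reservations."""
    report = {}
    for reservation in describe_output.get("Reservations", []):
        for instance in reservation.get("Instances", []):
            report.setdefault(classify(instance), []).append(instance["InstanceId"])
    return report

def needs_remediation(report):
    """Instances that accept IMDSv1 or could not be verified."""
    return sorted(report.get("v1-allowed", []) + report.get("unknown", []))

if __name__ == "__main__":
    report = audit(json.loads(SAMPLE))
    for status, ids in sorted(report.items()):
        print(f"{status}: {', '.join(ids)}")
    print("set HttpTokens=required on:", needs_remediation(report))
```

To run it against a real account, feed it the JSON output of `aws ec2 describe-instances` instead of SAMPLE. Instances it flags can be switched to IMDSv2-only with `aws ec2 modify-instance-metadata-options --instance-id <id> --http-tokens required`.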
If you want to know more, learn about good practices and receive practical advice, I invite you to watch my video: https://youtu.be/91stm1cEIG4