Wojciech Lepczyński for AWS Community Builders

Why you should use IMDSv2 - How to get information about ec2 from ec2

The Instance Metadata Service (IMDS) allows EC2 instances to access metadata about themselves, such as instance ID, IP address, AMI ID and more.

IMDSv1 is the older method, in which a plain GET request with no token returns the metadata. AWS no longer recommends it.

```bash
curl http://169.254.169.254/latest/meta-data/instance-id
```

IMDSv2 is the more secure way to access instance metadata and is what AWS recommends. Each metadata request must carry a session token that the instance first obtains with a PUT request, which gives built-in protection against common types of metadata service exploitation. It also allows more granular control over access to instance metadata, which helps reduce the risk of unauthorized access.

```bash
# Request a session token (valid for 21600 seconds)
TOKEN=$(curl -s -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")

# Send the token with the metadata request
curl -H "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/meta-data/instance-id
```
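To confirm from the instance itself that IMDSv1 no longer answers, the two calls above can be wrapped into a small script. This is an added example, not code from the original post; the function names, the `IMDS_BASE` override and the `check` argument are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: IMDSv2 helper plus a check for whether token-less (IMDSv1) requests still work.
# IMDS_BASE is a hypothetical override; the default is the real link-local IMDS address.
IMDS_BASE="${IMDS_BASE:-http://169.254.169.254}"

# Request a session token with a PUT. $1 = TTL in seconds (1..21600), default 60.
imds_token() {
  curl -sf --connect-timeout 2 -X PUT "$IMDS_BASE/latest/api/token" \
    -H "X-aws-ec2-metadata-token-ttl-seconds: ${1:-60}"
}

# Fetch one metadata path using a fresh short-lived token.
# Returns non-zero if the token request or the metadata request fails.
imds_get() {
  imds_tok="$(imds_token 60)" || return 1
  [ -n "$imds_tok" ] || return 1
  curl -sf --connect-timeout 2 -H "X-aws-ec2-metadata-token: $imds_tok" \
    "$IMDS_BASE/latest/meta-data/$1"
}

# Print the HTTP status of a token-less GET ("000" when curl gets no response).
imds_v1_status() {
  curl -s -o /dev/null --connect-timeout 2 -w '%{http_code}' \
    "$IMDS_BASE/latest/meta-data/instance-id" || true
}

# Map that status to what it says about the instance's metadata options.
imds_mode_from_status() {
  case "$1" in
    200) echo "v1-allowed" ;;            # token-less request answered: IMDSv1 still enabled
    401) echo "v2-required" ;;           # token demanded: IMDSv2 is enforced
    403) echo "forbidden-or-disabled" ;; # request not allowed or IMDS turned off
    *)   echo "unknown" ;;               # no response or unexpected status
  esac
}

# Run the check only when the script is called with the argument "check".
if [ "${1:-}" = "check" ]; then
  status="$(imds_v1_status)"
  echo "token-less GET -> HTTP $status ($(imds_mode_from_status "$status"))"
  imds_get instance-id && echo
fi
```

A result of `v1-allowed` means the instance still accepts IMDSv1 requests; `v2-required` means only requests carrying a token are served.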

Overall, using IMDSv2 on EC2 instances in AWS Cloud can help improve the security of your applications and data, and is therefore worth considering if you are using EC2 instances in your infrastructure.

If you want to know more, learn about good practices and receive practical advice, I invite you to watch my video: https://youtu.be/91stm1cEIG4
