Use AWS Config to find EC2 instances using Instance Metadata Service Version 1 (IMDSv1)

Question

How do you find Amazon EC2 instances that are in a public subnet and are using Instance Metadata Service Version 1 (IMDSv1) using AWS Config or AWS Security Hub?

Thanks.

See [ec2-imdsv2-check](https://docs.aws.amazon.com/config/latest/developerguide/ec2-imdsv2-check.html). — jarmod, Jul 14 '22 at 14:39
this also checks ones that are in a pvt subnet, I just need to target EC2s in a public subnet. Thanks though — Row, Jul 14 '22 at 19:15
Perhaps you could elevate metadata security on all instances, regardless of public or private subnet. — jarmod, Jul 14 '22 at 21:00

score 0 · Answer 1 · answered Jul 15 '22 at 15:31

figured it out:

SELECT
  resourceId,
  resourceName,
  resourceType,
  configuration.publicDnsName,
  configuration.instanceType,
  tags,
  availabilityZone
WHERE
  resourceType = 'AWS::EC2::Instance'
  AND configuration.publicDnsName LIKE 'ec2%'

or if you want to do it via the CLI

aws configservice select-aggregate-resource-config --expression "SELECT resourceId, resourceName, resourceType, configuration.publicDnsName, configuration.instanceType, tags, availabilityZone WHERE resourceType = 'AWS::EC2::Instance' AND configuration.publicDnsName LIKE 'ec2%'" --configuration-aggregator-name XX-XX-XX

Use AWS Config to find EC2 instances using Instance Metadata Service Version 1 (IMDSv1)

1 Answers1