v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/aws_compliance
Overview
32Dashboards
1295Controls
585Queries
4Variables
GitHub

Control: EC2 instances should use IMDSv2

Description

Ensure the Instance Metadata Service Version 2 (IMDSv2) method is enabled to help protect access and control of AWS Elastic Compute Cloud (AWS EC2) instance metadata.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.ec2_instance_uses_imdsv2

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.ec2_instance_uses_imdsv2 --share

SQL

This control uses a named query:

ec2_instance_uses_imdsv2

Tags

category = Compliance
cis_controls_v8_ig1 = true
fedramp_low_rev_4 = true
fedramp_moderate_rev_4 = true
gxp_21_cfr_part_11 = true
hipaa_final_omnibus_security_rule_2013 = true
nist_800_53_rev_4 = true
nist_800_53_rev_5 = true
nist_csf = true
nydfs_23 = true
plugin = aws
service = AWS/EC2