standard
turbot/aws_compliance

Trigger: Detect & correct EC2 instances with IMDSv1 enabled

Detect EC2 instances that still allow IMDSv1 (metadata option HttpTokens set to 'optional') and disable IMDSv1 on them.

Query

select
  concat(instance_id, ' [', account_id, '/', region, ']') as title,
  instance_id,
  region,
  sp_connection_name as conn
from
  aws_ec2_instance
where
  metadata_options ->> 'HttpTokens' = 'optional';

Schedule

15m

Tags

category = Compliance
mod = aws
service = AWS/EC2