
I’ve migrated all my instances to IMDSv2, but I’m not sure how to ensure that all future instances have IMDSv2 enabled by default. How can I do that?

2 Answers


  1. Chosen as BEST ANSWER

    Assuming you're using the latest version of the AWS CLI, you can run the following:

    #!/usr/bin/env bash
    
    # -u: fail on unset variables, -e: exit on error, -f: no globbing, pipefail: errors inside pipes count
    set -uefo pipefail
    
    # Every region the account can use (opted in or enabled by default).
    # The jq filter must be single-quoted so the inner "DISABLED" quotes reach jq intact.
    REGIONS=$(aws account list-regions | jq -r '.Regions[] | select(.RegionOptStatus != "DISABLED") | .RegionName')
    
    # Require IMDSv2 tokens by default for new launches in each region; "| cat" keeps the CLI pager from opening.
    for region in $REGIONS; do aws ec2 modify-instance-metadata-defaults --http-tokens required --region "$region"; done | cat
    

  2. You can also achieve this via the EC2 console.

    1. Browse to the EC2 console.
    2. Select the ‘Settings’ button from the bottom of the left side menu.
    3. Scroll to the ‘IMDS defaults’ section and hit ‘Manage’.
    4. Hit the drop-down for ‘Metadata version’ and select ‘V2 only (token required)’.
    5. Then hit update.

    This will allow you to set the IMDS defaults at the account level for new instance launches in the region that you are in when making this change.

    For some other context, when no preference is selected for the IMDS default settings, the IMDS settings/values will come from either the AMI or the instance configuration.

    I hope this helps 🙂

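Both answers set the account-level default, which only affects new launches in the regions where it was applied. The audit below is an added example, not code from either answer: it checks every usable region for the account default (`aws ec2 get-instance-metadata-defaults`) and lists non-terminated instances that still accept IMDSv1 (`aws ec2 describe-instances`, `MetadataOptions.HttpTokens`). It assumes AWS CLI v2 is installed and credentialed; the `SAMPLE_*` responses are constructed so the logic can be exercised offline via `audit_sample()`.

```python
#!/usr/bin/env python3
"""Audit IMDSv2 enforcement across an account: per-region account-level
defaults plus any non-terminated instance still accepting IMDSv1.

Added example, not code from either answer. Assumes AWS CLI v2 is installed
and credentialed; the JSON shapes handled below are those returned by
`aws ec2 get-instance-metadata-defaults` and `aws ec2 describe-instances`.
"""
import json
import subprocess
import sys

# Constructed sample responses (not captured from a real account) so the
# audit logic can be exercised offline; see audit_sample().
SAMPLE_DEFAULTS = {"AccountLevel": {"HttpTokens": "required",
                                    "HttpPutResponseHopLimit": 1}}
SAMPLE_DESCRIBED = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0aaaaaaaaaaaaaaaa", "State": {"Name": "running"},
     "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional"}},
    {"InstanceId": "i-0bbbbbbbbbbbbbbbb", "State": {"Name": "running"},
     "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required"}},
    {"InstanceId": "i-0cccccccccccccccc", "State": {"Name": "terminated"},
     "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional"}},
    {"InstanceId": "i-0dddddddddddddddd", "State": {"Name": "stopped"},
     "MetadataOptions": {"HttpEndpoint": "disabled", "HttpTokens": "optional"}},
]}]}


def aws_json(*args):
    """Run one AWS CLI command and return its parsed JSON output."""
    proc = subprocess.run(["aws", *args, "--output", "json", "--no-cli-pager"],
                          check=True, capture_output=True, text=True)
    return json.loads(proc.stdout) if proc.stdout.strip() else {}


def account_default_ok(defaults):
    """True when the account-level default forces token use (IMDSv2 only).

    With no preference set, AccountLevel is empty or lacks HttpTokens, so a
    missing key counts as not enforced: new launches then take their setting
    from the AMI or the launch parameters, which may still be 'optional'.
    """
    return defaults.get("AccountLevel", {}).get("HttpTokens") == "required"


def v1_capable_instances(described):
    """IDs of non-terminated instances whose metadata service still answers
    unauthenticated (IMDSv1) requests.

    A missing HttpTokens is treated as 'optional', the legacy default. An
    instance with the endpoint disabled serves neither version, so it is not
    reported here.
    """
    found = []
    for reservation in described.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            if inst.get("State", {}).get("Name") == "terminated":
                continue
            opts = inst.get("MetadataOptions", {})
            if opts.get("HttpEndpoint") == "disabled":
                continue
            if opts.get("HttpTokens", "optional") != "required":
                found.append(inst["InstanceId"])
    return found


def audit_region(region, defaults, described):
    """Findings for one region; an empty list means the region is compliant."""
    findings = []
    if not account_default_ok(defaults):
        findings.append(f"{region}: account default does not require IMDSv2 tokens")
    for iid in v1_capable_instances(described):
        findings.append(f"{region}: {iid} still accepts IMDSv1 (HttpTokens=optional)")
    return findings


def audit_sample():
    """Run the audit over the constructed sample data above."""
    return audit_region("us-east-1", SAMPLE_DEFAULTS, SAMPLE_DESCRIBED)


def main():
    """Audit every region the account can use and exit non-zero on findings."""
    regions = [r["RegionName"] for r in aws_json("account", "list-regions")["Regions"]
               if r["RegionOptStatus"] != "DISABLED"]
    findings = []
    for region in regions:
        defaults = aws_json("ec2", "get-instance-metadata-defaults", "--region", region)
        described = aws_json("ec2", "describe-instances", "--region", region)
        findings.extend(audit_region(region, defaults, described))
    print("\n".join(findings) if findings else "all regions enforce IMDSv2")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main())
```

Run it after applying either answer: a region listed as lacking the account default was missed by the loop or console change, and any instance listed was launched before the default took effect (or with an explicit launch-time override) and needs `aws ec2 modify-instance-metadata-options --http-tokens required` individually. The region filter matches the one in the first answer, so a region that is mid-opt-in can still make the CLI call fail; narrow the filter to `ENABLED`/`ENABLED_BY_DEFAULT` if that happens.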