Overview

An IAM policy that prevents users from launching new EC2 Instances if they are not configured to use the new Instance Metadata Service (IMDSv2)

Configuration Templates

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "ec2:RunInstances"
            ],
            "Resource": [
                "arn:aws:ec2:*:*:instance/*"
            ],
            "Effect": "Deny",
            "Condition": {
                "StringNotEquals": {
                    "ec2:MetadataHttpTokens": "required"
                }
            }
        }
    ]
}

Actions



Customize Template

Policy Parameters

No policy variables to customize
* Required field

Sources and Documentation

Configuration Source: AWS Documentation

Additional Documentation:

 

© 2020 asecurecloud Inc. All Rights Reserved.