Learn how to identify and migrate EC2 instances from IMDSv1 to IMDSv2 using Terraform and security best practices.
#aws #ec2 #imds #security #terraform
Lab · CLOUD_SECURITY · intermediate · ~60 min · 5 steps/labs
03 — Branch checkout · ~/lab
$ git checkout branch-1-vulnerable
branch branch-1-vulnerable · phase 1/5
04 — Prereqs & objectives
▌ Prerequisites
AWS Account
Terraform installed
Basic EC2 knowledge
▌ Learning objectives
Understand IMDS security implications
Identify IMDSv1 usage in your environment
Migrate instances to IMDSv2 using Terraform
Implement monitoring for IMDS compliance
Briefing · 3 prereqs · 4 objectives
05 — README · lab documentation
IMDSv1 to IMDSv2 Migration Lab
This lab will guide you through identifying and migrating EC2 instances from the less secure IMDSv1 to the more secure IMDSv2 using Terraform automation and security best practices.
Overview
The EC2 Instance Metadata Service (IMDS) provides access to instance metadata from within EC2 instances. IMDSv2 introduces important security improvements over IMDSv1, including session-oriented requests and additional protection against certain types of attacks.
What You’ll Learn
Understanding the security differences between IMDSv1 and IMDSv2
Identifying instances currently using IMDSv1
Using Terraform to enforce IMDSv2 requirements
Monitoring and compliance strategies
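The identification step above can be scripted against the EC2 DescribeInstances output. The following is an added example written for this page, not code from the lab repository: `imdsv1_tolerant` and `find_imdsv1_instances` are pure classification helpers, `scan_region` (a hypothetical name) performs the live scan with boto3 and, when asked, applies the same `HttpTokens=required` setting that the lab's Terraform change enforces; the sample response is constructed.

```python
"""Find EC2 instances that still accept IMDSv1 (hypothetical helper, not the lab's code)."""
from typing import Iterable

def imdsv1_tolerant(instance: dict) -> bool:
    """True when the metadata endpoint still answers token-less (IMDSv1) requests."""
    opts = instance.get("MetadataOptions", {})
    if opts.get("HttpEndpoint", "enabled") == "disabled":
        return False  # IMDS is switched off entirely: nothing to migrate
    # "optional" keeps IMDSv1 working; "required" enforces the IMDSv2 session token.
    return opts.get("HttpTokens", "optional") != "required"

def find_imdsv1_instances(reservations: Iterable[dict]) -> list[dict]:
    """Walk the Reservations list of a DescribeInstances response; return findings."""
    findings = []
    for reservation in reservations:
        for inst in reservation.get("Instances", []):
            if imdsv1_tolerant(inst):
                opts = inst.get("MetadataOptions", {})
                findings.append({
                    "InstanceId": inst["InstanceId"],
                    "HttpTokens": opts.get("HttpTokens", "optional"),
                    "HopLimit": opts.get("HttpPutResponseHopLimit"),
                })
    return findings

def scan_region(region: str, enforce: bool = False) -> list[dict]:
    """Live scan; needs boto3 and AWS credentials. With enforce=True each finding is
    switched to HttpTokens=required, the setting the lab's Terraform change applies."""
    import boto3  # imported here so the pure functions above run offline
    ec2 = boto3.client("ec2", region_name=region)
    reservations = []
    for page in ec2.get_paginator("describe_instances").paginate():
        reservations.extend(page["Reservations"])
    findings = find_imdsv1_instances(reservations)
    if enforce:
        for f in findings:
            ec2.modify_instance_metadata_options(
                InstanceId=f["InstanceId"], HttpTokens="required", HttpEndpoint="enabled")
    return findings

# Constructed sample shaped like a DescribeInstances response (instance IDs are made up).
SAMPLE_RESERVATIONS = [{"Instances": [
    {"InstanceId": "i-0aaa000000000001", "MetadataOptions": {
        "HttpEndpoint": "enabled", "HttpTokens": "optional", "HttpPutResponseHopLimit": 2}},
    {"InstanceId": "i-0aaa000000000002", "MetadataOptions": {
        "HttpEndpoint": "enabled", "HttpTokens": "required", "HttpPutResponseHopLimit": 1}},
    {"InstanceId": "i-0aaa000000000003", "MetadataOptions": {"HttpEndpoint": "disabled"}},
]}]
```

Running `find_imdsv1_instances(SAMPLE_RESERVATIONS)` reports only the first instance, since the second already requires tokens and the third has IMDS disabled; `scan_region("us-east-1")` does the same against a real account.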
Prerequisites
Before starting this lab, ensure you have:
An active AWS account
Terraform installed and configured
Basic understanding of EC2 and AWS CLI
Understanding of infrastructure as code concepts
Lab Structure
This lab is divided into progressive steps, each building on the previous one. Each step has its own branch in the GitHub repository, allowing you to follow along with the exact code and configuration needed.
Getting Started
To begin this lab, clone the repository and check out the first step: