Posted On: Jun 1, 2023

You can now use the Instance Metadata Service (IMDS) Packet Analyzer to identify sources of IMDSv1 calls on your EC2 instances.

Instance metadata is data about your instance that you can use to configure or manage the running instance. The Instance Metadata Service version 2 (IMDSv2) is an enhancement for instance metadata access requests that adds defense in depth against unauthorized metadata access. Today, the AWS SDKs and software use IMDSv2 by default. However, to get the full benefits of IMDSv2, you need to disable IMDSv1 on your EC2 instances. This requires identifying your own software and 3rd party applications that are still making IMDSv1 calls and updating them to be IMDSv2 compatible.

Now you can use the IMDS Packet Analyzer to identify the processes and details related to how IMDS was called. The IMDS Packet Analyzer is an open-sourced tool you can run from a command line or install as a service to identify and log IMDSv1 calls from your instance's boot phase. This allows you to pinpoint exactly what you need to update to get your instances ready to use IMDSv2-only.

To learn more about the IMDS Packet Analyzer, including installation instructions, see IMDS Packet Analyzer on GitHub.

To learn more about the Instance Metadata Service and using IMDSv2, see the EC2 User Guide.