Why should you use IMDSv2 and not IMDS on AWS EC2

This content originally appeared on DEV Community and was authored by Wojciech Lepczyński

The Instance Metadata Service (IMDS) is a feature of Amazon Web Services (AWS) Elastic Compute Cloud (EC2) instances that provides a way for EC2 instances to learn about themselves and their environment. Instance Metadata Service (IMDS) allows you to access data about your ec2 instance which you can use to configure or manage a running instance:

There are two versions of IMDS: IMDSv1 and IMDSv2.

IMDSv2 is the latest version of the service and was introduced to address several security concerns with IMDSv1. Unlike IMDSv1, IMDSv2 is protected by a session token that is obtained using instance credentials, making it much more secure.

Important information about IMDSv2:

• There is no limit to the number of tokens.
• There is no limit to the number of sessions.
• The new version is still limited by normal IMDS connection and throttling limits.
• Sessions can last up to six hours, that is, up to 21600 seconds

Let's go deeper, first generate a token with the following command:

TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"`

Now you can use the token, for example with the following command:

curl -H "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/meta-data/instance-id/

If you are interested in the topic, you will learn more about IMDS from my video:

https://youtu.be/91stm1cEIG4

or from my blog:

Information about ec2 from ec2 - IMDS & IMDSv2

In this article you will learn how to get instance_ID ami_ID and other EC2 information from ec2. I'll show you two ways to do it. I will tell you about the best practices and give you good advice. This is extremely helpful when you're creating a script or getting started with automation. You will learn what are the differences between IMDS and IMDSv2.

lepczynski.it

https://lepczynski.it/en/other/information-about-ec2-from-ec2-imds-imdsv2/

This content originally appeared on DEV Community and was authored by Wojciech Lepczyński

Print Share Comment Cite Upload Translate Updates

APA

Wojciech Lepczyński | Sciencx (2023-05-13T20:34:58+00:00) Why should you use IMDSv2 and not IMDS on AWS EC2. Retrieved from https://www.scien.cx/2023/05/13/why-should-you-use-imdsv2-and-not-imds-on-aws-ec2/

MLA

" » Why should you use IMDSv2 and not IMDS on AWS EC2." Wojciech Lepczyński | Sciencx - Saturday May 13, 2023, https://www.scien.cx/2023/05/13/why-should-you-use-imdsv2-and-not-imds-on-aws-ec2/

HARVARD

Wojciech Lepczyński | Sciencx Saturday May 13, 2023 » Why should you use IMDSv2 and not IMDS on AWS EC2., viewed ,<https://www.scien.cx/2023/05/13/why-should-you-use-imdsv2-and-not-imds-on-aws-ec2/>

VANCOUVER

Wojciech Lepczyński | Sciencx - » Why should you use IMDSv2 and not IMDS on AWS EC2. [Internet]. [Accessed ]. Available from: https://www.scien.cx/2023/05/13/why-should-you-use-imdsv2-and-not-imds-on-aws-ec2/

CHICAGO

" » Why should you use IMDSv2 and not IMDS on AWS EC2." Wojciech Lepczyński | Sciencx - Accessed . https://www.scien.cx/2023/05/13/why-should-you-use-imdsv2-and-not-imds-on-aws-ec2/

IEEE

" » Why should you use IMDSv2 and not IMDS on AWS EC2." Wojciech Lepczyński | Sciencx [Online]. Available: https://www.scien.cx/2023/05/13/why-should-you-use-imdsv2-and-not-imds-on-aws-ec2/. [Accessed: ]

rf:citation

» Why should you use IMDSv2 and not IMDS on AWS EC2 | Wojciech Lepczyński | Sciencx | https://www.scien.cx/2023/05/13/why-should-you-use-imdsv2-and-not-imds-on-aws-ec2/ |

Please log in to upload a file.

There are no updates yet.
Click the Upload button above to add an update.

You must be logged in to translate posts. Please log in or register.