More Info:

This rule checks the number of network hops that the metadata token can travel. This rule is NON_COMPLIANT if the Metadata response hop limit is greater than 1.

Risk Level

Medium

Address

Configuration

Compliance Standards

CBP

Triage and Remediation

Remediation

To remediate the “Autoscaling Hop Limit Should Be Checked” misconfiguration for AWS EC2 using the AWS console, follow these steps:

  1. Log in to AWS Console: Go to the AWS Management Console (https://aws.amazon.com/console/) and log in with your credentials.

  2. Navigate to EC2 Dashboard: Click on the “Services” dropdown menu at the top left corner and select “EC2” under the Compute section.

  3. Select Auto Scaling Groups: In the EC2 Dashboard, locate and click on “Auto Scaling Groups” from the navigation pane on the left.

  4. Select the Auto Scaling Group: Identify the Auto Scaling Group that you want to remediate and click on its name to select it.

  5. Edit Auto Scaling Group: In the Auto Scaling Group details page, click on the “Edit” button to modify the group settings.

  6. Configure Auto Scaling Group: Scroll down to find the “Advanced Details” section and look for the “Instance Protection” settings.

  7. Enable Instance Protection: In the “Instance Protection” settings, you should find an option related to “Autoscaling Hop Limit”. Enable this option by checking the box or setting an appropriate value based on your requirements.

  8. Save Changes: Once you have enabled the Autoscaling Hop Limit or set the appropriate value, scroll to the bottom of the page and click on the “Save” button to apply the changes.

  9. Verify Configuration: After saving the changes, it is recommended to verify that the Autoscaling Hop Limit setting has been successfully applied. You can do this by checking the configuration details of the Auto Scaling Group.

By following these steps, you can remediate the “Autoscaling Hop Limit Should Be Checked” misconfiguration for AWS EC2 using the AWS console.
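For the verification in step 9, the rule's condition can also be checked programmatically. The following is an added example, not part of the original rule documentation: it applies the "hop limit greater than 1" test to launch configurations in the shape returned by the Auto Scaling `DescribeLaunchConfigurations` API. The sample names are constructed, the function names are hypothetical, and the `NOT_SET` status for a launch configuration without `MetadataOptions` is this example's own choice.

```python
"""Evaluate Auto Scaling launch configurations against the hop-limit rule."""
import json

MAX_HOP_LIMIT = 1  # the rule is NON_COMPLIANT above this value

# Constructed sample in the shape of a DescribeLaunchConfigurations response.
SAMPLE_RESPONSE = json.loads("""
{"LaunchConfigurations": [
  {"LaunchConfigurationName": "web-lc-constructed",
   "MetadataOptions": {"HttpTokens": "required",
                       "HttpPutResponseHopLimit": 1, "HttpEndpoint": "enabled"}},
  {"LaunchConfigurationName": "batch-lc-constructed",
   "MetadataOptions": {"HttpTokens": "required",
                       "HttpPutResponseHopLimit": 3, "HttpEndpoint": "enabled"}},
  {"LaunchConfigurationName": "legacy-lc-constructed"}
]}
""")


def evaluate(launch_config):
    """Return (name, status, hop_limit) for one launch configuration."""
    name = launch_config["LaunchConfigurationName"]
    options = launch_config.get("MetadataOptions") or {}
    hop = options.get("HttpPutResponseHopLimit")
    if hop is None:
        # Assumption of this example: report an unset value separately
        # instead of guessing the effective default.
        return name, "NOT_SET", None
    status = "NON_COMPLIANT" if hop > MAX_HOP_LIMIT else "COMPLIANT"
    return name, status, hop


def evaluate_all(launch_configs):
    """Evaluate every launch configuration in a list."""
    return [evaluate(lc) for lc in launch_configs]


def fetch_launch_configurations(region_name=None):
    """Read live launch configurations; needs boto3 and AWS credentials."""
    import boto3  # imported here so the offline sample runs without it
    client = boto3.client("autoscaling", region_name=region_name)
    paginator = client.get_paginator("describe_launch_configurations")
    configs = []
    for page in paginator.paginate():
        configs.extend(page["LaunchConfigurations"])
    return configs


if __name__ == "__main__":
    for name, status, hop in evaluate_all(SAMPLE_RESPONSE["LaunchConfigurations"]):
        print(f"{status:14} hop_limit={hop} {name}")
```

To run it against an account, pass the result of `fetch_launch_configurations()` to `evaluate_all()` in place of the constructed sample.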