Autoscaling Hop Limit Should Be Checked
More Info:
This rule checks the number of network hops that the metadata token can travel. This rule is NON_COMPLIANT if the Metadata response hop limit is greater than 1.Risk Level
MediumAddress
ConfigurationCompliance Standards
CBPTriage and Remediation
Remediation
Using Console
Using Console
To remediate the “Autoscaling Hop Limit Should Be Checked” misconfiguration for AWS EC2 using the AWS console, follow these steps:
- Login to AWS Console: Go to the AWS Management Console (https://aws.amazon.com/console/) and login with your credentials.
- Navigate to EC2 Dashboard: Click on the “Services” dropdown menu at the top left corner and select “EC2” under the Compute section.
- Select Auto Scaling Groups: In the EC2 Dashboard, locate and click on “Auto Scaling Groups” from the navigation pane on the left.
- Select the Auto Scaling Group: Identify the Auto Scaling Group that you want to remediate and click on its name to select it.
- Edit Auto Scaling Group: In the Auto Scaling Group details page, click on the “Edit” button to modify the group settings.
- Configure Auto Scaling Group: Scroll down to find the “Advanced Details” section and look for the “Instance Protection” settings.
- Enable Instance Protection: In the “Instance Protection” settings, you should find an option related to “Autoscaling Hop Limit”. Enable this option by checking the box or setting an appropriate value based on your requirements.
- Save Changes: Once you have enabled the Autoscaling Hop Limit or set the appropriate value, scroll to the bottom of the page and click on the “Save” button to apply the changes.
- Verify Configuration: After saving the changes, it is recommended to verify that the Autoscaling Hop Limit setting has been successfully applied. You can do this by checking the configuration details of the Auto Scaling Group.
Using CLI
Using CLI
To remediate the misconfiguration of Autoscaling Hop Limit not being checked for AWS EC2 using AWS CLI, follow these steps:Replace Replace
- Open your terminal or command prompt.
- Run the following AWS CLI command to describe the Auto Scaling groups in your AWS account:
- Identify the Auto Scaling group that you want to update with the Autoscaling Hop Limit.
- Run the following AWS CLI command to update the Auto Scaling group with the Autoscaling Hop Limit:
<your-auto-scaling-group-name> with the actual name of your Auto Scaling group.- Verify that the Autoscaling Hop Limit has been successfully updated by running the following AWS CLI command:
<your-auto-scaling-group-name> with the actual name of your Auto Scaling group.- Ensure that the output of the above command shows “ELB” as the HealthCheckType, which indicates that the Autoscaling Hop Limit has been successfully updated.
Using Python
Using Python
To remediate the “Autoscaling Hop Limit Should Be Checked” misconfiguration for AWS EC2 using Python, you can use the AWS SDK for Python (Boto3) to update the Auto Scaling Group settings. Here are the step-by-step instructions:
- Install Boto3:
- Use the following Python script to update the Auto Scaling Group settings to check the “Autoscaling Hop Limit”:
-
Replace
'YOUR_AUTO_SCALING_GROUP_NAME'with the name of your Auto Scaling Group. - Run the Python script to update the Auto Scaling Group settings. This will enable the “Autoscaling Hop Limit” check for the specified Auto Scaling Group.