More Info:

Ensure that all the Amazon EC2 instances require the use of Instance Metadata Service Version 2 (IMDSv2) when requesting instance metadata in order to protect against vulnerabilities that could be used to access the Instance Metadata Service (IMDS). IMDSv2 uses session-oriented requests. This allows you to create a session token that defines the session duration, which can be a minimum of 1 second and a maximum of 6 hours. During this duration, you can use the same session token for subsequent metadata requests. After this duration expires, you must create a new session token to use for future requests.

Risk Level

Medium

Address

Security

Compliance Standards

CBP, NISTCSF

Triage and Remediation

Remediation

Using Console

Additional Reading: