Understanding IMDSv2 Features

As of mid-2024, newly announced Amazon EC2 instance types will use only version 2 of the EC2 Instance Metadata Service (IMDSv2).

Amazon are implementing a number of changes to make IMDSv2 the default option for other launch paths and for AWS Management Console Quick Starts.

The service is reachable from within an EC2 instance at a fixed IP address (fd00:ec2::254 on Nitro instances, or 169.254.169.254 via IPv4).

While IMDSv2 is already in use and benefiting many applications and instances, its full potential is only unlocked when IMDSv1 is turned off at the AWS account level.

With a little leeway on the 2023 and 2024 dates, these are the key actions Amazon have taken and intend to take to establish IMDSv2 as the standard option for new AWS infrastructure.

Amazon intend to provide a new API function in February 2024 that will let you manage, at the account level, the use of IMDSv1 as the default. It is currently possible to manage the use of IMDSv1 through an IAM policy.
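Before IMDSv1 can be turned off for an account, you need to know which instances still accept it. The following is an added example, not AWS code: it classifies instances by the MetadataOptions fields in `aws ec2 describe-instances` output. The sample JSON and instance IDs are constructed for illustration.

```python
import json

# Constructed sample in the shape returned by `aws ec2 describe-instances`
# (instance IDs are made up; only the fields the audit reads are included).
SAMPLE = json.loads("""
{"Reservations": [
  {"Instances": [
    {"InstanceId": "i-0aaa0000000000001",
     "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional",
                         "HttpPutResponseHopLimit": 1}},
    {"InstanceId": "i-0aaa0000000000002",
     "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required",
                         "HttpPutResponseHopLimit": 2}}]},
  {"Instances": [
    {"InstanceId": "i-0aaa0000000000003",
     "MetadataOptions": {"HttpEndpoint": "disabled", "HttpTokens": "optional",
                         "HttpPutResponseHopLimit": 1}},
    {"InstanceId": "i-0aaa0000000000004"}]}
]}
""")


def classify(instance):
    """Return 'imds-off', 'v2-only', 'v1-allowed' or 'unknown' for one instance."""
    opts = instance.get("MetadataOptions")
    if not opts or "HttpTokens" not in opts:
        return "unknown"          # no data: treat as a finding, never as compliant
    if opts.get("HttpEndpoint") == "disabled":
        return "imds-off"         # metadata service unreachable, so no v1 exposure
    return "v2-only" if opts["HttpTokens"] == "required" else "v1-allowed"


def audit(describe_output):
    """Group instance IDs by IMDS posture across all reservations."""
    report = {"imds-off": [], "v2-only": [], "v1-allowed": [], "unknown": []}
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            report[classify(inst)].append(inst.get("InstanceId", "<no id>"))
    return report


def needs_action(report):
    """Instances to review before IMDSv1 is turned off: v1 accepted, or unverifiable."""
    return sorted(report["v1-allowed"] + report["unknown"])


if __name__ == "__main__":
    for posture, ids in audit(SAMPLE).items():
        print(f"{posture:11} {ids}")
```

Instances reported as v1-allowed have HttpTokens set to optional, so they still answer IMDSv1 requests; those are the ones to migrate first.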