• Rule: ec2-launch-template-imdsv2-check
• Assignment: Launch an EC2 template without using imdsv V2

Watch Config flag it as non-compliant, fix it by enabling v2 in creation

Learning Outcome: Configuration Security Enforcement

✅Launch an EC2 template that allows IMDSv1

When you launch an EC2 template from the AWS Management Console, the default setting for the metadata service is "V1 and V2 (token optional)." This is what makes the template non-compliant with a security standard that requires IMDSv2.

Log in to the AWS Management Console and navigate to the EC2 Dashboard.

                                                               **Screenshot showing the EC2 launch template dashboard**

✅ Step 1: Created a Non-Compliant EC2 Launch Template

We opened the EC2 Console

• Navigated to Launch Templates > Create Launch Template
• Gave the template a name
• Selected an Amazon Machine Image (AMI) and instance type
• Left all default values, but under Advanced Details, in the Metadata options, we selected:
• Metadata version: “V1 or V2 (optional). This setting means IMDSv2 is not enforced, which is considered a misconfiguration
• Saved the template and launched an EC2 instance using it

                 **Screenshot showing where we choose the V1 and V2 (token option)**

Proceed with the rest of the launch process and create your template.

                          **Screenshot showing the successful creation of the EC2 launch template**

Now set up AWS Config and watch it flag the instance