diff --git a/launch_template.tf b/launch_template.tf
index 90ac985..1b7280f 100644
--- a/launch_template.tf
+++ b/launch_template.tf
@@ -14,6 +14,12 @@ resource "aws_launch_template" "sensor_launch_template" {
     }
   }
 
+  # CKV_AWS_79: Enforce IMDSv2 (Instance Metadata Service Version 2)
+  metadata_options {
+    http_endpoint = "enabled"
+    http_tokens   = "required"
+  }
+
   block_device_mappings {
     device_name = var.sensor_launch_template_volume_name