Remediate AWS IMDSv1

Description

Simple tool to identify and remediate the use of the AWS EC2 Instance Metadata Service (IMDS) v1. For additional details, refer to the accompanying blog post.

Dependencies

Setup a virtual environment and install dependencies:

$ virtualenv -p python3 venv
$ source venv/bin/activate
$ pip install -r requirements.txt

Usage

View options:

$ python remediate-imdsv1.py -h   

usage: remediate-imdsv1.py [-h] [-p AWS_PROFILE] [-r] [-d]

Analyze IMDSv1 usage and enforce v2.

optional arguments:
  -h, --help            show this help message and exit
  -p AWS_PROFILE, --profile AWS_PROFILE
                        The profile with access to the desired AWS account
  -r, --remediate       Enforce IMDSv2 on all instances (default=False)
  -d, --debug           Verbose output. Will also create a log file

Run:

$ python remediate-imdsv1.py --profile <profile name> --remediate --debug

2021-05-31 16:46:51 w remediate-imdsv1[12107] INFO Starting
2021-05-31 16:46:51 w remediate-imdsv1[12107] INFO Identifying instances
2021-05-31 16:46:51 w remediate-imdsv1[12107] DEBUG Running against region us-west-2
2021-05-31 16:46:51 w remediate-imdsv1[12107] DEBUG Running against region eu-north-1
2021-05-31 16:46:52 w remediate-imdsv1[12107] DEBUG Running against region ap-south-1
2021-05-31 16:46:53 w remediate-imdsv1[12107] DEBUG Running against region eu-west-3
2021-05-31 16:46:53 w remediate-imdsv1[12107] DEBUG Running against region eu-west-2
2021-05-31 16:46:53 w remediate-imdsv1[12107] DEBUG Running against region eu-west-1
2021-05-31 16:46:53 w remediate-imdsv1[12107] DEBUG Running against region ap-northeast-3
2021-05-31 16:46:55 w remediate-imdsv1[12107] DEBUG Running against region ap-northeast-2
2021-05-31 16:46:56 w remediate-imdsv1[12107] DEBUG Running against region ap-northeast-1
2021-05-31 16:46:57 w remediate-imdsv1[12107] DEBUG Running against region sa-east-1
2021-05-31 16:46:59 w remediate-imdsv1[12107] DEBUG Running against region ca-central-1
2021-05-31 16:46:59 w remediate-imdsv1[12107] DEBUG Running against region ap-southeast-1
2021-05-31 16:47:00 w remediate-imdsv1[12107] DEBUG Running against region ap-southeast-2
2021-05-31 16:47:02 w remediate-imdsv1[12107] DEBUG Running against region eu-central-1
2021-05-31 16:47:02 w remediate-imdsv1[12107] DEBUG Running against region us-east-1
2021-05-31 16:47:02 w remediate-imdsv1[12107] DEBUG Identified arn:aws:ec2:us-east-1:account:instance/i-1234567890
2021-05-31 16:47:03 w remediate-imdsv1[12107] DEBUG Running against region us-east-2
2021-05-31 16:47:04 w remediate-imdsv1[12107] DEBUG Running against region us-west-1
2021-05-31 16:47:05 w remediate-imdsv1[12107] DEBUG Running against region us-west-2
2021-05-31 16:47:06 w remediate-imdsv1[12107] INFO Remediating instances
2021-05-31 16:47:06 w remediate-imdsv1[12107] DEBUG Remediating arn:aws:ec2:us-east-1:account:instance/i-1234567890
2021-05-31 16:47:09 w remediate-imdsv1[12107] INFO Done

Name		Name	Last commit message	Last commit date
Latest commit History 6 Commits
LICENSE.md		LICENSE.md
README.md		README.md
gitignore		gitignore
remediate-imdsv1.py		remediate-imdsv1.py
requirements.txt		requirements.txt

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

LICENSE.md

LICENSE.md

README.md

README.md

gitignore

gitignore

remediate-imdsv1.py

remediate-imdsv1.py

requirements.txt

requirements.txt

Repository files navigation

Remediate AWS IMDSv1

Description

Dependencies

Usage

About

Releases

Contributors 2

Languages

License

latacora/remediate-AWS-IMDSv1

Folders and files

Latest commit

History

Repository files navigation

Remediate AWS IMDSv1

Description

Dependencies

Usage

About

Topics

Resources

License

Stars

Watchers

Forks

Languages