This repository was archived by the owner on Nov 20, 2025. It is now read-only.

False IMDSv1 Violation - AC_AWS_0480 #1320

@dwivediabhimanyu

  • terrascan version: v1.15.2
  • Operating System: Windows Server 2016

Description

I am trying to scan a CloudFormation template and am getting the following violation:

```json
{
  "results": {
    "violations": [
      {
        "rule_name": "ec2UsingIMDSv1",
        "description": "EC2 instances should disable IMDS or require IMDSv2 as this can be related to the weaponization phase of kill chain",
        "rule_id": "AC_AWS_0479",
        "severity": "MEDIUM",
        "category": "Infrastructure Security",
        "resource_name": "DomainController",
        "resource_type": "aws_instance",
        "file": "Test_Scan.template",
        "line": 1
      },
      {
        "rule_name": "detailedMonitoringEnabledInstance",
        "description": "Ensure that detailed monitoring is enabled for EC2 instances.",
        "rule_id": "AC_AWS_0480",
        "severity": "HIGH",
        "category": "Logging and Monitoring",
        "resource_name": "DomainController",
        "resource_type": "aws_instance",
        "file": "Test_Scan.template",
        "line": 1
      }
    ],
    "skipped_violations": null,
    "scan_summary": {
      "file/folder": "D:\\terrascan",
      "iac_type": "cft",
      "scanned_at": "2022-07-08 14:24:22.9212666 +0000 UTC",
      "policies_validated": 5,
      "violated_policies": 2,
      "low": 0,
      "medium": 1,
      "high": 1
    }
  }
}
```

CloudFormation Template

```json
{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Description": "Template",
    "Metadata": {},
    "Resources": {
        "Ec2InstanceLaunchTemplate": {
            "Type": "AWS::EC2::LaunchTemplate",
            "Properties": {
                "LaunchTemplateData": {
                    "MetadataOptions": {
                        "HttpEndpoint": "enabled",
                        "HttpPutResponseHopLimit": 1,
                        "HttpTokens": "required",
                        "InstanceMetadataTags": "enabled"
                    }
                },
                "LaunchTemplateName": {
                    "Fn::Sub": "${ConfirmInstanceName}-DomainController-${AvailabilityZoneLetter}-Ec2LaunchTemplate"
                }
            }
        },
        "DomainController": {
            "Type": "AWS::EC2::Instance",
            "Properties": {
                "LaunchTemplate": {
                    "LaunchTemplateId": { "Ref": "Ec2InstanceLaunchTemplate" },
                    "Version": { "Fn::GetAtt": [ "Ec2InstanceLaunchTemplate", "LatestVersionNumber" ] }
                },
                "BlockDeviceMappings": [
                    {
                        "DeviceName": "/dev/sda1",
                        "Ebs": {
                            "VolumeSize": "30",
                            "DeleteOnTermination": "true",
                            "VolumeType": "gp2"
                        }
                    }
                ],
                "DisableApiTermination": "false",
                "ImageId": "[Windows2016AmiId]"
            }
        }
    },
    "Outputs": {}
}
```

Please ignore abnormalities in the template code, as I have truncated many lines/resources to simplify it.

I expect the violation to be solved by disabling IMDSv1 using Launch Templates, but it is still violating.

What I Did

```shell
terrascan scan -i cft -o json
```
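The following is an added illustration of the resolution step a checker needs in order to avoid the false positive reported above. It is not code from the issue author and not terrascan's own policy (terrascan rules are written in Rego); it assumes AWS RunInstances semantics, where instance-level `MetadataOptions` override the launch template, and it only follows a `LaunchTemplateId` given as a `{"Ref": ...}` to a template resource in the same file. The sample template is constructed and adds instances beyond the one in the issue to show every outcome.

```python
"""Resolve the metadata options that actually apply to an EC2 instance.

Added illustration for this issue, not terrascan's policy code. Before judging
IMDSv1 exposure, follow the instance's LaunchTemplate reference to the
AWS::EC2::LaunchTemplate resource and read its MetadataOptions, so hardening
placed in the launch template is not missed.
"""

# AWS defaults when MetadataOptions is absent: endpoint enabled, tokens optional.
DEFAULT_HTTP_ENDPOINT = "enabled"
DEFAULT_HTTP_TOKENS = "optional"


def _ref_target(value):
    """Return the logical id inside a {"Ref": "..."} intrinsic, else None."""
    if isinstance(value, dict) and list(value) == ["Ref"]:
        return value["Ref"]
    return None


def effective_metadata_options(template, instance_id):
    """MetadataOptions that apply to the AWS::EC2::Instance `instance_id`.

    Instance-level MetadataOptions win over the launch template (RunInstances
    semantics, assumed here). Otherwise a LaunchTemplateId given as {"Ref": ...}
    is followed to the template resource. Templates selected by LaunchTemplateName
    or by an external id are not resolved by this helper and yield {}.
    """
    resources = template.get("Resources", {})
    props = resources.get(instance_id, {}).get("Properties", {})
    if isinstance(props.get("MetadataOptions"), dict):
        return props["MetadataOptions"]
    lt_id = _ref_target(props.get("LaunchTemplate", {}).get("LaunchTemplateId"))
    lt = resources.get(lt_id, {}) if lt_id else {}
    if lt.get("Type") != "AWS::EC2::LaunchTemplate":
        return {}
    data = lt.get("Properties", {}).get("LaunchTemplateData", {})
    return data.get("MetadataOptions", {})


def allows_imdsv1(options):
    """True when IMDSv1 is still reachable: endpoint on and tokens not required."""
    if options.get("HttpEndpoint", DEFAULT_HTTP_ENDPOINT) == "disabled":
        return False
    return options.get("HttpTokens", DEFAULT_HTTP_TOKENS) != "required"


def imdsv1_violations(template):
    """Sorted logical ids of EC2 instances that still allow IMDSv1."""
    return sorted(
        rid
        for rid, res in template.get("Resources", {}).items()
        if res.get("Type") == "AWS::EC2::Instance"
        and allows_imdsv1(effective_metadata_options(template, rid))
    )


# Constructed sample: the hardened launch template and DomainController from
# this issue, plus a second template and three instances showing other outcomes.
HARDENED = {"HttpEndpoint": "enabled", "HttpTokens": "required", "HttpPutResponseHopLimit": 1}
SAMPLE_TEMPLATE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "Ec2InstanceLaunchTemplate": {
            "Type": "AWS::EC2::LaunchTemplate",
            "Properties": {"LaunchTemplateData": {"MetadataOptions": HARDENED}},
        },
        "LegacyLaunchTemplate": {
            "Type": "AWS::EC2::LaunchTemplate",
            "Properties": {"LaunchTemplateData": {"ImageId": "ami-placeholder"}},
        },
        # Hardened only through the launch template: must not be reported.
        "DomainController": {
            "Type": "AWS::EC2::Instance",
            "Properties": {"LaunchTemplate": {"LaunchTemplateId": {"Ref": "Ec2InstanceLaunchTemplate"}}},
        },
        # Launch template sets no MetadataOptions, so AWS defaults apply: reported.
        "LegacyInstance": {
            "Type": "AWS::EC2::Instance",
            "Properties": {"LaunchTemplate": {"LaunchTemplateId": {"Ref": "LegacyLaunchTemplate"}}},
        },
        # Instance-level setting overrides the hardened template: reported.
        "OverrideInstance": {
            "Type": "AWS::EC2::Instance",
            "Properties": {
                "LaunchTemplate": {"LaunchTemplateId": {"Ref": "Ec2InstanceLaunchTemplate"}},
                "MetadataOptions": {"HttpTokens": "optional"},
            },
        },
        # IMDS switched off entirely: not reported even without token enforcement.
        "NoImdsInstance": {
            "Type": "AWS::EC2::Instance",
            "Properties": {"MetadataOptions": {"HttpEndpoint": "disabled"}},
        },
    },
}

if __name__ == "__main__":
    print("Instances still allowing IMDSv1:", imdsv1_violations(SAMPLE_TEMPLATE))
```

Run against the constructed sample, `DomainController` is cleared because its launch template requires tokens, while the two instances that actually expose IMDSv1 are still reported; a rule that only inspects the instance's own properties would invert the first result.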
