docs: Update README to restrict max hop limit for IMDSv2 (#247)

terraform-aws-modules · Oct 30, 2023 · 25eee4b · 25eee4b
1 parent 00aadef
commit 25eee4b
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -121,10 +121,13 @@ module "asg" {
     }
   }
 
+  # This will ensure imdsv2 is enabled, required, and a single hop which is aws security
+  # best practices
+  # See https://docs.aws.amazon.com/securityhub/latest/userguide/autoscaling-controls.html#autoscaling-4
   metadata_options = {
     http_endpoint               = "enabled"
     http_tokens                 = "required"
-    http_put_response_hop_limit = 32
+    http_put_response_hop_limit = 1
   }
 
   network_interfaces = [