Compute Instances should have legacy metadata service endpoint disabled

Description

Compute Instances that use the legacy metadata service endpoints (IMDSv1) are susceptible to Server-Side Request Forgery (SSRF) attacks. To help prevent these attacks, it is strongly advised to configure Compute Instances to use Instance Metadata Service v2 (IMDSv2), in line with industry security best practices.

This rule checks that the legacy Instance Metadata Service (IMDS) endpoints are disabled on OCI Compute instances. Enabling Instance Metadata Service v2 enhances security and grants precise control over metadata access.
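The following is an added example, not the rule's own implementation: a Python check that flags instances whose legacy IMDS endpoints are still enabled, run over JSON shaped like `oci compute instance list` output. The sample data is constructed. Reading the `are-legacy-imds-endpoints-disabled` field under `instance-options`, treating a missing value as failing, and skipping terminated instances are assumptions of this example.

```python
import json

# Constructed sample shaped like `oci compute instance list` JSON output
# (kebab-case keys); OCIDs and names are placeholders, not real resources.
SAMPLE = json.loads("""
{"data": [
  {"id": "ocid1.instance.oc1..exampleaaa", "display-name": "web-1",
   "lifecycle-state": "RUNNING",
   "instance-options": {"are-legacy-imds-endpoints-disabled": true}},
  {"id": "ocid1.instance.oc1..examplebbb", "display-name": "batch-1",
   "lifecycle-state": "RUNNING",
   "instance-options": {"are-legacy-imds-endpoints-disabled": false}},
  {"id": "ocid1.instance.oc1..exampleccc", "display-name": "legacy-1",
   "lifecycle-state": "STOPPED", "instance-options": null},
  {"id": "ocid1.instance.oc1..exampleddd", "display-name": "old-1",
   "lifecycle-state": "TERMINATED",
   "instance-options": {"are-legacy-imds-endpoints-disabled": false}}
]}
""")

# Assumption: accept the camelCase spelling used in raw API responses as well.
FLAG_KEYS = ("are-legacy-imds-endpoints-disabled", "areLegacyImdsEndpointsDisabled")
OPTS_KEYS = ("instance-options", "instanceOptions")
IGNORED_STATES = {"TERMINATING", "TERMINATED"}  # assumption: out of scope

def _first(d, keys):
    """Return the first present, non-null value among keys, else None."""
    for k in keys:
        if isinstance(d, dict) and d.get(k) is not None:
            return d[k]
    return None

def legacy_imds_disabled(instance):
    """True only when the flag is explicitly true; missing or null fails."""
    return _first(_first(instance, OPTS_KEYS), FLAG_KEYS) is True

def failing_instances(listing):
    """(name, OCID) of instances still serving the legacy endpoints."""
    return [
        (i.get("display-name") or i.get("displayName"), i["id"])
        for i in listing.get("data", [])
        if (i.get("lifecycle-state") or i.get("lifecycleState")) not in IGNORED_STATES
        and not legacy_imds_disabled(i)
    ]

if __name__ == "__main__":
    for name, ocid in failing_instances(SAMPLE):
        print(f"FAIL {name} {ocid}: legacy IMDS endpoints enabled")
```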

Remediation

For guidance on configuring Instance Metadata Service settings, refer to the Updating Instance Metadata section of the Oracle Cloud Infrastructure Documentation.