Compute Instances should have legacy metadata service endpoint disabled

oci-compute
이 페이지는 아직 한국어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Description

Compute Instances that utilize legacy metadata service endpoints (IMDSv1) are susceptible to potential Server-Side Request Forgery (SSRF) attacks. To help prevent these attacks, it is strongly advised to configure Compute Instances to adopt Instance Metadata Service v2, aligning with the industry’s best security practices.

This rule checks that the legacy Instance Metadata Service (IMDS) endpoints are disabled on OCI Compute instances. Enabling Instance Metadata Service v2 enhances security and grants precise control over metadata access.

Remediation

For guidance on configuring Instance Metadata Service settings, refer to the Updating Instance Metadata section of the Oracle Cloud Infrastructure Documentation.