AWS AWSEC2 high security documentation change
Summary
Updated metadata endpoint from '/latest/dynamic/instance-identity/document' to '/latest/meta-data/product-codes'
Security assessment
Corrects insecure metadata endpoint usage that exposed billingProducts/marketplaceProductCodes. Using dedicated product-codes endpoint reduces attack surface and follows IMDSv2 best practices.
Diff
diff --git a/AWSEC2/latest/UserGuide/get-product-code.md b/AWSEC2/latest/UserGuide/get-product-code.md index 88319bb9c..b097f7297 100644 --- a//AWSEC2/latest/UserGuide/get-product-code.md +++ b//AWSEC2/latest/UserGuide/get-product-code.md @@ -20 +20 @@ Run the following command from your Linux instance. - && curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/dynamic/instance-identity/document | grep -E 'billingProducts|marketplaceProductCodes' + && curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/product-codes