search

aws / aws-toolkit-visual-studio

AWS Toolkit for Visual Studio - a plugin to interact with AWS
https://aws.amazon.com/visualstudio/
Apache License 2.0
111 stars 29 forks source link

Publish to Elastic Beanstalk should expose IMDSv1 parameter #359

Open igordust opened 1 year ago

igordust commented 1 year ago

IMDSv1 has been superseded by IMDSv2 and AWS is suggesting to upgrade to it everywhere, since IMDSv2 is inherently more secure. I noticed that when publishing applications with AWS Toolkit to Elastic Beanstalk, the EC2 instances have the IMDSv1 property activated.

Deploying a workload with a possible insecure setting should be avoided whenever possible, especially for a tool such as AWS Toolkit that is thought hide complexities and details that aren't needed for a developer that is approaching to AWS for the first time. For this reason I suggest to set IMDSv1 as disabled by default and expose the parameter in the configuration in the publish wizard.

Optionally, I would also add a link to AWS documentation that explains what IMDS is in general and why IMDSv1 should be disabled.

shruti0085 commented 1 year ago

Thank you for bringing this issue to our attention. We are investigating further.