Presentation Material
AI Generated Summary (may contain errors)
The speaker discusses migrating AWS instances from IMDSv1 to IMDSv2, which is a more secure configuration. To prevent non-compliant instances from being created in the first place, and to detect any changes, they suggest using controls such as the ec2:MetadataHttpTokens or ec2:RoleDelivery condition keys with SCPs or IAM-based policies.
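A service control policy built on the two condition keys named above, as an added example that is not taken from the talk or from the speaker's tool. The Sid values are illustrative names: the first statement blocks launching an instance unless IMDSv2 tokens are required, and the second rejects API calls signed with instance-role credentials that were delivered over IMDSv1.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleDenyLaunchWithoutImdsV2",
      "Effect": "Deny",
      "Action": "ec2:RunInstances",
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "StringNotEquals": {
          "ec2:MetadataHttpTokens": "required"
        }
      }
    },
    {
      "Sid": "ExampleDenyCredentialsDeliveredOverImdsV1",
      "Effect": "Deny",
      "Action": "*",
      "Resource": "*",
      "Condition": {
        "NumericLessThan": {
          "ec2:RoleDelivery": "2.0"
        }
      }
    }
  ]
}
```

The second statement breaks any workload that still fetches its role credentials over IMDSv1, so it belongs at the end of the migration rather than the start.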
The speaker also mentions that AWS Config can be used to monitor for any new resources that come up with IMDSv1. Additionally, Amazon Linux 3 defaults to IMDSv2, making it easier to switch to the new configuration.
However, the speaker acknowledges that this process can be time-consuming and tedious. To simplify it, they have developed a tool called IMDShift, which automates the migration from end to end. The tool lets users plan which accounts, resources, and regions they want to migrate, and it takes care of the rest.
Features of IMDShift include:
- Migration of EC2 resources
- Selective migration of resources associated with specific services (e.g., EKS, Lambda, SageMaker)
- Built-in visibility module to fetch instance lists and metrics from CloudWatch without logging into the AWS console
- SCP recommendations built into the tool
The speaker invites contributions to the tool and encourages attendees to reach out to them for questions or discussions about cloud and data security.