This commit was created on GitHub.com and signed with GitHub’s verified signature.
The key has expired.
Add security customizations to the bastion instance @syphernl (#34)
what
Added the ability to encrypt the root block device, off by default.
Added the ability to change the size of the root block device
Added the ability to change the HTTP Metadata endpoint settings (e.g. disable it, force it to IMDSv2)
Example modified to encrypt the EBS + turn off IMDSv2 per recommendations
why
Checkov recommends having the root block device encrypted and IMDSv1 disabled. See references below for the rationale behind this recommendation.
With the changes in this PR one can configure their Bastion to follow these recommendations.
references
CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled". Rationale behind this can be found in this AWS blog post.
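As an added example (not code from this module or from Checkov), the two recommendations above can be checked against the JSON that `terraform show -json <planfile>` produces. The sample plan, its resource addresses and the function names are constructed for illustration, and the logic approximates the checks rather than reproducing Checkov's implementation.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output.
# Resource addresses and values are made up for this example.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "aws_instance.legacy", "type": "aws_instance",
     "values": {"root_block_device": [{"encrypted": false}]}}],
  "child_modules": [{"address": "module.bastion", "resources": [
    {"address": "module.bastion.aws_instance.default", "type": "aws_instance",
     "values": {"metadata_options": [{"http_endpoint": "enabled", "http_tokens": "required"}],
                "root_block_device": [{"encrypted": true, "volume_size": 20}]}},
    {"address": "module.bastion.aws_security_group.default",
     "type": "aws_security_group", "values": {}}]}]}}}
""")


def iter_resources(module):
    """Yield resources from a plan module and all nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def first_block(values, name):
    """Nested blocks appear as lists in plan JSON; return the first or {}."""
    blocks = values.get(name) or []
    return blocks[0] if blocks else {}


def audit_instances(plan):
    """Return {address: [findings]} for every aws_instance in the plan."""
    findings = {}
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != "aws_instance":
            continue
        values = res.get("values") or {}
        meta = first_block(values, "metadata_options")
        disk = first_block(values, "root_block_device")
        issues = []
        # IMDSv1 is reachable unless tokens are required or the endpoint is off.
        if meta.get("http_tokens") != "required" and meta.get("http_endpoint") != "disabled":
            issues.append("IMDSv1 not disabled")
        if disk.get("encrypted") is not True:
            issues.append("root block device not encrypted")
        findings[res["address"]] = issues
    return findings
```

An instance whose plan omits `metadata_options` entirely is reported, since the absence of the block leaves IMDSv1 available.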