From fc245d2ea3779f4b181e63374710730f4781edb1 Mon Sep 17 00:00:00 2001
From: Ryan Cragun <me@ryan.ec>
Date: Fri, 19 Jun 2026 10:32:58 -0600
Subject: [PATCH] [SECVULN-46296, SECVULN-46313]: use IMDSv2 and encrypt
 volumes

Signed-off-by: Ryan Cragun <me@ryan.ec>
---
 .../scenarios/scenario_e2e_aws/modules/target/module.tf  | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/acceptance/scenarios/scenario_e2e_aws/modules/target/module.tf b/acceptance/scenarios/scenario_e2e_aws/modules/target/module.tf
index 42cf4d4..d100367 100644
--- a/acceptance/scenarios/scenario_e2e_aws/modules/target/module.tf
+++ b/acceptance/scenarios/scenario_e2e_aws/modules/target/module.tf
@@ -178,6 +178,15 @@ resource "aws_instance" "target" {
   tags                        = local.tags
   vpc_security_group_ids      = [module.target_sg.id]
   subnet_id                   = aws_subnet.subnet[0].id
+
+  root_block_device {
+    encrypted = true
+  }
+
+  metadata_options {
+    http_tokens   = "required"
+    http_endpoint = "enabled"
+  }
 }
 
 resource "enos_file" "from_source" {