Policy: AWS > EC2 > Instance > Metadata Service > HTTP Token Hop Limit > Comparison Mode
How the HTTP Token Hop Limit policy value is compared against the instance's actual hop limit.
* Exact match - The instance must use exactly the configured hop limit. When enforcing, the hop limit is set to the configured value (raising or lowering it).
* Maximum - The configured value is treated as a maximum (a security ceiling). The instance's hop limit must be at or below it; a lower, more restrictive limit is also compliant. When enforcing, only a hop limit that exceeds the value is lowered to it — a hop limit already at or below the value is never raised.
Defaults to Exact match to preserve the original declarative behavior.
Targets
This policy targets the following resource types:
Primary Policy
This policy is used with the following primary policy:
Controls
Setting this policy configures this control:
Policy Specification
Schema Type | |
|---|---|
Default | |
Valid Values [YAML] |
|
Examples [YAML] |
|
Category
In Your Workspace
Developers
- tmod:@turbot/turbot#/control/categories/resourceDataProtection
- tmod:@turbot/aws-ec2#/policy/types/instanceMetadataServiceTokenHopLimitComparisonMode
- turbot graphql policy-type --id "tmod:@turbot/aws-ec2#/policy/types/instanceMetadataServiceTokenHopLimitComparisonMode"
- turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/aws-ec2#/policy/types/instanceMetadataServiceTokenHopLimitComparisonMode"
Get Policy TypeGet Policy Settings