diff --git a/pkg/policies/opa/rego/aws/aws_instance/AC-AWS-NS-IN-M-1172.json b/pkg/policies/opa/rego/aws/aws_instance/AC-AWS-NS-IN-M-1172.json
new file mode 100644
index 000000000..bb927f5fa
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_instance/AC-AWS-NS-IN-M-1172.json
@@ -0,0 +1,10 @@
+{
+ "name": "ec2UsingIMDSv1",
+ "file": "ec2UsingIMDSv1.rego",
+ "template_args": null,
+ "severity": "MEDIUM",
+ "description": "Ensure there are no ECS instances using IMDSv1",
+ "reference_id": "AC-AWS-NS-IN-M-1172",
+ "category": "Unknown",
+ "version": 1
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_instance/ec2UsingIMDSv1.rego b/pkg/policies/opa/rego/aws/aws_instance/ec2UsingIMDSv1.rego
new file mode 100644
index 000000000..22cf5644f
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_instance/ec2UsingIMDSv1.rego
@@ -0,0 +1,13 @@
+package accurics
+
+ec2UsingIMDSv1[api.id] {
+ api := input.aws_instance[_]
+ not api.config.metadata_options
+}
+
+ec2UsingIMDSv1[api.id] {
+ api := input.aws_instance[_]
+ value := api.config.metadata_options[_]
+ not value.http_endpoint == "disabled"
+ not value.http_tokens == "required"
+}
\ No newline at end of file
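Review bot: The description says "ECS instances" but the policy it describes iterates `input.aws_instance` and lives under `aws_instance`, so it is about EC2 instances; ECS is a different service and the wrong name will mislead anyone triaging findings. Change the line to `"description": "Ensure there are no EC2 instances using IMDSv1",`. Since the rule treats `http_endpoint = "disabled"` as compliant, the description could also say "requiring IMDSv2 (http_tokens = required) or disabling the metadata endpoint" so the remediation is clear from the finding text alone.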
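Review bot: An instance whose `metadata_options` is present but empty is caught by neither rule: the first rule's `not api.config.metadata_options` is false for a defined empty list, and the second rule's `api.config.metadata_options[_]` iterates nothing, so the instance is reported compliant although it would run with the IMDSv1 defaults. Whether the IaC converter ever emits an empty list here I cannot tell from the diff; if it can, a third rule with the same head whose body is `api := input.aws_instance[_]` followed by `count(api.config.metadata_options) == 0` closes the gap. The `not value.http_tokens == "required"` form is deliberate and correct: when `http_tokens` is unset the comparison is undefined and `not` makes the rule fire, which matches the AWS default of optional tokens, whereas `value.http_tokens != "required"` would be undefined and silently never flag that case. That subtlety deserves a comment above the second rule, e.g. `# "not x == y" rather than "x != y" so an absent attribute (AWS default) is also reported`, and the file should open with a comment naming the control: IMDSv2 is enforced by `http_tokens = "required"`, or the endpoint is disabled outright.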