diff --git a/terraform/aws/modules/generic-server/resources.tf b/terraform/aws/modules/generic-server/resources.tf index e91cf25c..8af8b882 100644 --- a/terraform/aws/modules/generic-server/resources.tf +++ b/terraform/aws/modules/generic-server/resources.tf @@ -33,6 +33,9 @@ resource "aws_instance" "this" { private_ip = var.private_ip vpc_security_group_ids = [aws_security_group.this.id] user_data = var.user_data + metadata_options { + http_tokens = "required" + } root_block_device { volume_type = var.root_volume_type @@ -58,7 +61,7 @@ output "instance" { resource "aws_ec2_traffic_mirror_session" "zeek_session" { for_each = var.zeek_monitor ? { zeek = true } : {} - + description = "Zeek Mirror Session for ${var.server_name}" depends_on = [aws_instance.this] traffic_mirror_filter_id = var.zeek_traffic_mirror_filter_id @@ -66,6 +69,3 @@ resource "aws_ec2_traffic_mirror_session" "zeek_session" { network_interface_id = aws_instance.this.primary_network_interface_id session_number = var.zeek_session_number } - - - diff --git a/terraform/aws/modules/router/resources.tf b/terraform/aws/modules/router/resources.tf index ec8bfb53..b8c7b502 100644 --- a/terraform/aws/modules/router/resources.tf +++ b/terraform/aws/modules/router/resources.tf @@ -32,17 +32,20 @@ resource "aws_instance" "router" { subnet_id = var.subnet_id private_ip = var.private_ip vpc_security_group_ids = [aws_security_group.default.id] + metadata_options { + http_tokens = "required" + } associate_public_ip_address = true root_block_device { - volume_type = "gp3" - volume_size = "30" + volume_type = "gp3" + volume_size = "30" delete_on_termination = "true" - encrypted = "true" + encrypted = "true" } tags = { Name = "ar-router-${var.attack_range_id}" } -} \ No newline at end of file +} diff --git a/terraform/aws/modules/zeek-server/resources.tf b/terraform/aws/modules/zeek-server/resources.tf index a2b50639..9cd25f2f 100644 --- a/terraform/aws/modules/zeek-server/resources.tf 
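Review bot: The new `metadata_options { http_tokens = "required" }` on `aws_instance.this` rejects any metadata request made without an IMDSv2 session token, and this instance takes `user_data = var.user_data` from the caller, so a bootstrap script or agent in that user data that still does a plain IMDSv1 GET will stop working; that compatibility check is not visible in the commit and should be confirmed before it lands. The identical blocks added in the router hunk (a host with `associate_public_ip_address = true`, so the most exposed of the three) and the zeek-server hunk carry the same caveat. Nothing records why the setting was added; a why-comment above the block such as `# Require IMDSv2 session tokens so a request forged through the instance (SSRF, local proxy) cannot read instance-role credentials with a plain GET.` would keep it from being "cleaned up" later. `http_put_response_hop_limit` is left at the provider default of 1, which is the safer value, but if containers on these hosts need metadata access it may have to be raised — presumably the provisioning roles know; verify against them.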
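Review bot: In the realigned `root_block_device` block of `aws_instance.router`, `volume_size = "30"`, `delete_on_termination = "true"` and `encrypted = "true"` remain string literals standing in for a number and two booleans; the provider coerces them today, but the bare forms `volume_size = 30`, `delete_on_termination = true`, `encrypted = true` are the idiomatic HCL and avoid a surprise if type handling ever tightens. Since this hunk already rewrites the whitespace of those exact lines, it is the natural place to switch them.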
+++ b/terraform/aws/modules/zeek-server/resources.tf @@ -26,13 +26,16 @@ resource "aws_security_group" "zeek_server" { } resource "aws_instance" "zeek_sensor" { - count = var.zeek_server ? 1 : 0 - ami = var.ami_id - instance_type = "m5.2xlarge" - key_name = var.key_name - subnet_id = var.subnet_id + count = var.zeek_server ? 1 : 0 + ami = var.ami_id + instance_type = "m5.2xlarge" + key_name = var.key_name + subnet_id = var.subnet_id vpc_security_group_ids = [aws_security_group.zeek_server[0].id] - private_ip = var.private_ip + private_ip = var.private_ip + metadata_options { + http_tokens = "required" + } tags = { Name = "ar-${var.server_name}-${var.attack_range_id}" 
@@ -47,34 +50,34 @@ resource "aws_instance" "zeek_sensor" { } resource "aws_ec2_traffic_mirror_target" "zeek_target" { - count = var.zeek_server ? 1 : 0 + count = var.zeek_server ? 1 : 0 description = "VPC Tap for Zeek" network_interface_id = aws_instance.zeek_sensor[0].primary_network_interface_id } resource "aws_ec2_traffic_mirror_filter" "zeek_filter" { - count = var.zeek_server ? 1 : 0 + count = var.zeek_server ? 1 : 0 description = "Zeek Mirror Filter - Allow All" } resource "aws_ec2_traffic_mirror_filter_rule" "zeek_outbound" { - count = var.zeek_server ? 1 : 0 - description = "Zeek Outbound Rule" + count = var.zeek_server ? 1 : 0 + description = "Zeek Outbound Rule" traffic_mirror_filter_id = aws_ec2_traffic_mirror_filter.zeek_filter[0].id - destination_cidr_block = "0.0.0.0/0" - source_cidr_block = "0.0.0.0/0" - rule_number = 1 - rule_action = "accept" - traffic_direction = "egress" + destination_cidr_block = "0.0.0.0/0" + source_cidr_block = "0.0.0.0/0" + rule_number = 1 + rule_action = "accept" + traffic_direction = "egress" } resource "aws_ec2_traffic_mirror_filter_rule" "zeek_inbound" { - count = var.zeek_server ? 1 : 0 - description = "Zeek Inbound Rule" + count = var.zeek_server ? 1 : 0 + description = "Zeek Inbound Rule" traffic_mirror_filter_id = aws_ec2_traffic_mirror_filter.zeek_filter[0].id - destination_cidr_block = "0.0.0.0/0" - source_cidr_block = "0.0.0.0/0" - rule_number = 1 - rule_action = "accept" - traffic_direction = "ingress" + destination_cidr_block = "0.0.0.0/0" + source_cidr_block = "0.0.0.0/0" + rule_number = 1 + rule_action = "accept" + traffic_direction = "ingress" }