Difference between revisions of "AWS Instance Metadata Service (IMDS)"
Jump to navigation
Jump to search
| (18 intermediate revisions by 2 users not shown) | |||
| Line 2: | Line 2: | ||
| − | * [[Instance metadata | + | * <code>[[aws ec2 modify-instance-metadata-options]]</code> |
| + | * [[IMDSv2]] | ||
| + | |||
| + | If you use [[Auto Scaling groups]] and you need to require the use of IMDSv2 on all new instances, your Auto Scaling groups must use [[launch templates]]. | ||
| + | |||
| + | * [[Datadog AWS Integration Billing]]: If your EC2 instances are configured to require the use of Instance Metadata Service Version 2 (IMDSv2), then you must set the parameter ec2_prefer_imdsv2 to true in your Datadog agent configuration to avoid double-billing. | ||
| + | |||
| + | TOKEN=`[[curl -X PUT]] "http://169.254.169.254/latest/api/token" [[-H]] "X-aws-ec2-metadata-token-ttl-seconds: 21600"` \ && [[curl -H]] "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/[[user-data]] | ||
| + | == Related == | ||
* [[Azure Instance Metadata Service]] | * [[Azure Instance Metadata Service]] | ||
| − | + | * [[Instance metadata and user data]] | |
| − | * [[ | + | * <code>[[ec2-imdsv2-check]]</code>, the rule is <code>[[NON_COMPLIANT]]</code> if the <code>[[HttpTokens]]</code> is set to optional. |
| + | * <code>[[aws ec2 describe-instances]] | grep [[HttpTokens]]</code> | ||
| + | * [[AWS EC2 Instance Connect]] | ||
| + | * [[Datadog]]: <code>[[DD_EC2_PREFER_IMDSV2]]</code> | ||
| + | * [[IMDS initiate session]] | ||
| + | * <code>[[Failed to refresh cached credentials, no EC2 IMDS role found]]</code> | ||
== See also == | == See also == | ||
| − | * {{AWS}} | + | * {{IMDS}} |
| + | * {{AWS EC2}} | ||
[[Category:AWS]] | [[Category:AWS]] | ||
Latest revision as of 11:04, 26 February 2024
If you use Auto Scaling groups and you need to require the use of IMDSv2 on all new instances, your Auto Scaling groups must use launch templates.
- Datadog AWS Integration Billing: If your EC2 instances are configured to require the use of Instance Metadata Service Version 2 (IMDSv2), then you must set the parameter ec2_prefer_imdsv2 to true in your Datadog agent configuration to avoid double-billing.
TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"` \ && curl -H "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/user-data
Related[edit]
- Azure Instance Metadata Service
- Instance metadata and user data
ec2-imdsv2-check, the rule isNON_COMPLIANTif theHttpTokensis set to optional.aws ec2 describe-instances | grep HttpTokens- AWS EC2 Instance Connect
- Datadog:
DD_EC2_PREFER_IMDSV2 - IMDS initiate session
Failed to refresh cached credentials, no EC2 IMDS role found
See also[edit]
- IMDS, IMDSv2,
ec2-imdsv2-check, aws ec2 modify-instance-metadata-options, /latest/meta-data, /latest/user-data - AWS EC2, Amazon EC2 API,
aws ec2, AWS::EC2, Amazon EC2 Spot Instances, CPU credits, Instance type, EC2 limitations, 169.254.169.254, Instance metadata and user data (IMDS),InstanceType, InstanceId, Amazon EC2 Auto Scaling, AWS EC2 Instance Connect, launch template, lifecycle, AWS Security group (SG), Amazon EC2 Recycle Bin, Amazon EC2 Mac Instances, Global View
Advertising:
