(aws-autoscaling): AutoScalingGroup.requireImdsv2 throws error with LaunchTemplates

patlougheed commented 11 months ago

Describe the bug

When configuring an AutoScalingGroup with requireImdsv2 set to true and the generateLaunchTemplateInsteadOfLaunchConfig context flag set to true, cdk synth throws an error:

RuntimeError: TypeError: Cannot read properties of undefined (reading 'metadataOptions')

Expected Behavior

No error; launch template should have LaunchTemplateData.MetadataOptions.HttpTokens set to "required" in resulting CloudFormation output.

Current Behavior

cdk synth yields:

cdk synth
jsii.errors.JavaScriptError:
  @jsii/kernel.RuntimeError: TypeError: Cannot read properties of undefined (reading 'metadataOptions')
      at Kernel._Kernel_ensureSync (/private/var/folders/xw/cr5bdphj6v329dhsnsp7g4cm0000gn/T/tmppv5ogwr4/lib/program.js:10487:23)
      at Kernel.invoke (/private/var/folders/xw/cr5bdphj6v329dhsnsp7g4cm0000gn/T/tmppv5ogwr4/lib/program.js:9851:102)
      at KernelHost.processRequest (/private/var/folders/xw/cr5bdphj6v329dhsnsp7g4cm0000gn/T/tmppv5ogwr4/lib/program.js:11691:36)
      at KernelHost.run (/private/var/folders/xw/cr5bdphj6v329dhsnsp7g4cm0000gn/T/tmppv5ogwr4/lib/program.js:11651:22)
      at Immediate._onImmediate (/private/var/folders/xw/cr5bdphj6v329dhsnsp7g4cm0000gn/T/tmppv5ogwr4/lib/program.js:11652:46)
      at process.processImmediate (node:internal/timers:478:21)

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File ".../app.py", line 28, in <module>
    app.synth()
  File ".../.venv/lib/python3.10/site-packages/aws_cdk/__init__.py", line 21202, in synth
    return typing.cast(_CloudAssembly_c693643e, jsii.invoke(self, "synth", [options]))
  File "....venv/lib/python3.10/site-packages/jsii/_kernel/__init__.py", line 149, in wrapped
    return _recursize_dereference(kernel, fn(kernel, *args, **kwargs))
  File ".../.venv/lib/python3.10/site-packages/jsii/_kernel/__init__.py", line 399, in invoke
    response = self.provider.invoke(
  File ".../.venv/lib/python3.10/site-packages/jsii/_kernel/providers/process.py", line 380, in invoke
    return self._process.send(request, InvokeResponse)
  File ".../.venv/lib/python3.10/site-packages/jsii/_kernel/providers/process.py", line 342, in send
    raise RuntimeError(resp.error) from JavaScriptError(resp.stack)
RuntimeError: TypeError: Cannot read properties of undefined (reading 'metadataOptions')

Subprocess exited with error 1

Reproduction Steps

In stack.py:

from aws_cdk import (
    aws_autoscaling as autoscaling,
    aws_ec2 as ec2,
    Stack
)
from constructs import Construct

class TroubleshootingStack(Stack):
    def __init__(self, scope: Construct, id: str, **kwargs) -> None:
        super().__init__(scope, id, **kwargs)

        vpc = ec2.Vpc(self, 'Vpc')
        autoscaling.AutoScalingGroup(self, 'AutoscalingGroup', vpc=vpc, require_imdsv2=True)

In cdk.json:

{
  "app": "python3 app.py",
  "context": {
    "@aws-cdk/aws-autoscaling:generateLaunchTemplateInsteadOfLaunchConfig": true
  }
}

Then run cdk synth.

Possible Solution

aws-autoscaling/lib/aspects/require-imdsv2-aspect.ts appears to target LaunchConfigurations only, not LaunchTemplates.

It similar aspect in (aws-ec2)[https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-ec2/lib/aspects/require-imdsv2-aspect.ts] has similar code that appears to support LaunchTemplates.

Additional Information/Context

No response

CDK CLI Version

2.101.1

Framework Version

2.101.1

Node.js Version

v20.7.0

OS

MacOS 14

Language

Python

Language Version

Python 3.10.9

Other information

No response

khushail commented 11 months ago

Hi @patlougheed , thanks for reaching out. I tried to reproduce the error with this updated code -

        asg = autoscaling.AutoScalingGroup(
            self, "DefaultAutoScalingGroup",
            instance_type=ec2.InstanceType("t2.micro"),
            machine_image=ecs.EcsOptimizedImage.amazon_linux2(),
            vpc=vpc,
            require_imdsv2= True,
        )

I can confirm the error. Here is a similiar non-responsive issue created in the past as well. Marking this as P1.

github-actions[bot] commented 11 months ago

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.

dendle commented 1 week ago

Hi folks - this problem appears to also exist when using A LaunchTemplate with a MixedInstancesPolicy and RequireImdsv2=true

dendle commented 1 week ago

Going to see if I can get a PR on the go for the above issue

thorbenw commented 6 days ago

I also get the above error, but was able to solve it by setting RequireImdsv2 only on the launch template, but not on the auto scaling group itself. Maybe the RequireImdsv2 property should just receive a few changes in packages/aws-cdk-lib/aws-autoscaling/lib/auto-scaling-group.ts, like

An annotation like some other properties (e.g. SecurityGroup, Role, etc.) have, saying * 'launchTemplate' and 'mixedInstancesPolicy' must not be specified when this property is specified
A check included in the verifyNoLaunchConfigPropIsGiven() method to give a more meaningful error message on synth

aws / aws-cdk