search

aws / aws-extensions-for-dotnet-cli

Extensions to the dotnet CLI to simplify the process of building and publishing .NET Core applications to AWS services
Apache License 2.0
369 stars 87 forks source link

Extensions CLI publishes beanstalk environments with IMDSv1 enabled #290

Closed shruti0085 closed 2 months ago

shruti0085 commented 1 year ago

Describe the feature

Creating an issue here to track https://github.com/aws/aws-toolkit-visual-studio/issues/359 on the Visual Studio Toolkit. The Visual Studio Toolkit leverages the AWS Extensions for Dotnet CLI to power some of the publish experiences including legacy beanstalk deploy support, so any changes to behavior will have to originate in this repository.

Beanstalk environments deployed using the CLI creates environment with IMDSv1 enabled instead of IMDSv2 which is now recommended by AWS.

Use Case

Snippet from the original issue IMDSv1 has been superseded by IMDSv2 and AWS is suggesting to upgrade to it everywhere, since IMDSv2 is inherently more secure. I noticed that when publishing applications with AWS Toolkit to Elastic Beanstalk, the EC2 instances have the IMDSv1 property activated.

Proposed Solution

Support creating IMDSv2 enabled beanstalk environments

Other Information

No response

Acknowledgements

Targeted .NET platform

Unavailable

CLI extension version

No response

Environment details (OS name and version, etc.)

Windows

ashishdhingra commented 1 year ago

There is a related issue for .NET Deploy tool as well.

ashishdhingra commented 2 months ago

Amazon.ElasticBeanstalk.Tools version 4.4.0 adds support for new boolean command line parameter --disable-imds-v1 which could be set to true to disable IMSDv1.

github-actions[bot] commented 2 months ago

Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.