What I'd like:
I would like users to be able to block access to the IMDS endpoint on EC2 instances running Bottlerocket without requiring the user to build and host a bootstrap container for this purpose.
Any alternatives you've considered:
A bootstrap container can use iptables to block non-root access to the IMDS endpoint, and thus deny access to IMDS for non-privileged containers.
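
The iptables alternative described in the issue could look like the following bootstrap container entrypoint. This is an added example, not part of the original issue and not Bottlerocket project code; the function names and the `APPLY_IMDS_BLOCK` switch are hypothetical, and it assumes the container shares the host network namespace and is allowed to edit netfilter rules. It also covers the IPv6 IMDS address, which goes beyond what the issue mentions.

```shell
#!/bin/sh
# Added example (hypothetical entrypoint), not Bottlerocket project code.
# Assumes iptables/ip6tables exist in the image and the container may
# modify netfilter rules in the host network namespace.

IMDS_V4="169.254.169.254/32"   # IMDS IPv4 link-local endpoint
IMDS_V6="fd00:ec2::254/128"    # IMDS IPv6 endpoint

# Print the rule spec: drop IMDS-bound packets from sockets not owned by UID 0.
imds_rule_spec() {
    printf '%s' "OUTPUT -d $1 -m owner ! --uid-owner 0 -j DROP"
}

# Insert the rule only if an identical one is not already present.
# $1 = iptables binary (or a stub for testing), $2 = destination address
ensure_imds_block() {
    spec=$(imds_rule_spec "$2")
    # Word splitting of $spec into separate arguments is intended here.
    if "$1" -w -C $spec 2>/dev/null; then
        return 0                 # rule already installed, nothing to do
    fi
    "$1" -w -I $spec             # insert at the top of OUTPUT
}

# Apply the block for both address families; fail if either insert fails.
block_imds() {
    ensure_imds_block "${IPTABLES:-iptables}" "$IMDS_V4" || return 1
    ensure_imds_block "${IP6TABLES:-ip6tables}" "$IMDS_V6"
}

# Only touch the firewall when explicitly asked to (hypothetical switch).
if [ "${APPLY_IMDS_BLOCK:-0}" = 1 ]; then
    block_imds
fi
```

The owner match only sees locally generated packets in the OUTPUT chain, so traffic forwarded from a container with its own network namespace is not covered by this rule.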