Closed pbrisbin closed 1 year ago
Thanks for the review, addressing these things now. Is there a reason isEC2
uses "http://instance-data/latest"
, while the rest of the calls use "http://169.254.169.254/latest/"
? Does that need to be preserved? It makes it annoying to DRY the token-handling and is the reason I missed it on first coding.
EDIT: it was trivial to preserve, as far as I can tell, so I did.
Is there a reason
isEC2
uses"http://instance-data/latest"
, while the rest of the calls use"http://169.254.169.254/latest/"
?
I believe that in most cases, it's faster to attempt name resolution and have a local nameserver reply "nope", than it is to wait for an addressed TCP connection to the IMDS address to fail to open. Otherwise, you get a stall in any amazonka program not running on EC2 if the earlier auth methods fail to find keys.
Thanks for the quick merge!
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html
A few caveats:
This requests a new token on every separate use a
get
. It would be better to support requesting a token first and re-using it across many calls, but the current interface doesn't support that and would have to be re-designed. I'm happy to do that, if given guidance on preferred ergonomics (ReaderT
? Explicit argument passing? Set up theManager
with amodifyRequest
?)The timeout of 21600 comes from the docs. We could probably go shorter given point one.
I don't have any easy way to verify that this works. Does there happen to be integration test coverage?
Closes #745.