Change validation of put response hop limit to allow `1` as value to limit access to worker node's metadata endpoint

jakubbujny commented 2 years ago

what

Change validation of metadata_http_put_response_hop_limit variable to allow to set 1 as value.

as standing in EKS best practises to limit access to worker node's metadata endpoint it's required to enable metadata_http_tokens_required and set metadata_http_put_response_hop_limit to 1 - see https://aws.github.io/aws-eks-best-practices/security/docs/iam/#restrict-access-to-the-instance-profile-assigned-to-the-worker-node

aws ec2 modify-instance-metadata-options --instance-id <value> --http-tokens required --http-put-response-hop-limit 1

jakubbujny commented 2 years ago

/test all

Gowiem commented 2 years ago

/test all

christoffer-eide commented 2 years ago

Any hope of getting this PR merged?