Support AWS Instance Metadata Service Version 2 (IMDSv2) for collecting telemetry data

[lancel66]

Is your feature request related to a problem? Please describe. Security audit at customer revealed that AWS IMDSv2 is currently not supported and leaves them open to server-side request forgery (SSRF) attacks. The customer has a large self-hosted DBaaS environment. CockroachDB uses the IMDSv1 endpoint to collect telemetry data.

Describe the solution you'd like Support IMDSv2 and prevent IMDSv1 from being used in collecting telemetry data.

Describe alternatives you've considered Disabling telemetry

Additional context It would be good to support IMDSv2 so customers won't be compelled to disable telemetry in self-hosted environments.

Jira issue: CRDB-17663

[blathers-crl[bot]]

Hello, I am Blathers. I am here to help you get the issue triaged.

I was unable to automatically find someone to ping.

If we have not gotten back to your issue within a few business days, you can try the following:

• Join our community slack channel and ask on #cockroachdb.
• Try find someone from here if you know they worked closely on the area and CC them.

_{:owl: Hoot! I am a Blathers, a bot for CockroachDB. My owner is otan.}

[knz]

cc @thtruo - reassigning to obs infra as per proposed ownership in https://docs.google.com/document/d/1icTRZu2oYW8kSrDrTUwoMG2iKghBkpzBLXWMOCiYyo4/edit