Closed rubysolo closed 2 years ago
Hi @rubysolo - thanks for the report. A PR is most welcome, but before you do just double-check that it's not already been resolved by the fix in #873. Cheers.
I reproduced this issue on c8015be. I'm testing a fix and will PR once verified.
If somebody stumbles across timeouts: Currently, using ex_aws on an EC2 instance inside Docker using the instance role fails for me in 2.3.1.

```elixir
ExAws.Request.Hackney.request(:put, "http://169.254.169.254/latest/api/token", "", [{"x-aws-ec2-metadata-token-ttl-seconds", 12800}], follow_redirect: true)
{:error, %{reason: :timeout}}
```
This is because of the default hop limit, see https://stackoverflow.com/questions/71884350/using-imds-v2-with-token-inside-docker-on-ec2.
Can be fixed by using:

```sh
aws ec2 modify-instance-metadata-options \
  --instance-id <instance-id> \
  --http-put-response-hop-limit 2 \
  --http-endpoint enabled
```
It took me quite a while to figure this out...
Environment
Elixir & Erlang versions (elixir --version):
ExAws version
```
mix deps |grep ex_aws
ex_aws 2.3.0 (Hex package) (mix) locked at 2.3.0 (ex_aws) 54f72732
ex_aws_s3 2.3.2 (Hex package) (mix) locked at 2.3.2 (ex_aws_s3) b235b271
```
HTTP client version. IE for hackney do
mix deps | grep hackney
Current behavior
Version 2.3.0 does not work as expected with our S3 configuration. When we hit this line, we get a timeout trying to generate an IMDSv2 token.
Expected behavior
IMDSv2 should not be required, as AWS states that IMDSv1 will be supported indefinitely.
If you would like, I could submit a PR that would only use IMDSv2 if required (i.e. if a v1 request returns a 401).
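
The fallback proposed in the issue and the hop-limit timeout described in the comment, as an added example that is not ex_aws code and not taken from any PR in this thread. The module, the injected `http` function and the `fake_imds/3` simulator are hypothetical; the simulator assumes a container behind a Docker bridge is two hops from the metadata service and that only the token PUT response is hop-limited.

```elixir
defmodule ImdsFallbackExample do
  # Added illustration, not ex_aws code. `http` is a hypothetical injected
  # function: http.(method, url, headers) -> {:ok, status, body} | {:error, reason}
  @base "http://169.254.169.254/latest"
  @creds_url "#{@base}/meta-data/iam/security-credentials/"
  @ttl {"x-aws-ec2-metadata-token-ttl-seconds", "21600"}

  # IMDSv1 first; ask for an IMDSv2 token only when the instance answers 401.
  def fetch_role(http) do
    case http.(:get, @creds_url, []) do
      {:ok, 200, role} -> {:ok, :imdsv1, role}
      {:ok, 401, _body} -> fetch_role_v2(http)
      other -> {:error, {:imdsv1_failed, other}}
    end
  end

  defp fetch_role_v2(http) do
    with {:ok, 200, token} <- http.(:put, "#{@base}/api/token", [@ttl]),
         {:ok, 200, role} <- http.(:get, @creds_url, [{"x-aws-ec2-metadata-token", token}]) do
      {:ok, :imdsv2, role}
    else
      # The token response never arrived. Inside a container this usually
      # means the PUT response hop limit is still 1.
      {:error, :timeout} -> {:error, :token_timeout_check_hop_limit}
      other -> {:error, {:imdsv2_failed, other}}
    end
  end

  # Constructed simulator of what a client sees. `hops` is 1 on the host and
  # 2 behind a Docker bridge (assumption); `http_tokens` mirrors HttpTokens.
  def fake_imds(http_tokens, hop_limit, hops) do
    fn
      :put, _url, _headers when hop_limit < hops -> {:error, :timeout}
      :put, _url, _headers -> {:ok, 200, "constructed-token"}
      :get, _url, [{"x-aws-ec2-metadata-token", "constructed-token"}] -> {:ok, 200, "example-role"}
      :get, _url, [] when http_tokens == :required -> {:ok, 401, ""}
      :get, _url, [] -> {:ok, 200, "example-role"}
    end
  end
end

# HttpTokens optional, hop limit 1, in a container: the IMDSv1 path is taken.
IO.inspect(ImdsFallbackExample.fetch_role(ImdsFallbackExample.fake_imds(:optional, 1, 2)))
# HttpTokens required, hop limit 1, in a container: 401, then the token PUT is attempted.
IO.inspect(ImdsFallbackExample.fetch_role(ImdsFallbackExample.fake_imds(:required, 1, 2)))
# HttpTokens required, hop limit 2, in a container: 401, then the token flow is attempted.
IO.inspect(ImdsFallbackExample.fetch_role(ImdsFallbackExample.fake_imds(:required, 2, 2)))
```

Raising the hop limit to 2 also lets every container on the instance obtain IMDSv2 tokens for the instance role, so the change is best paired with a review of what runs in those containers.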