kbst / terraform-kubestack

Kubestack is a framework for Kubernetes platform engineering teams to define the entire cloud native stack in one Terraform code base and continuously evolve the platform safely through GitOps.
https://www.kubestack.com
Apache License 2.0

EKS: Support metadata IMDSv2 #334

Open christoph-beckmann-tm opened 6 months ago

christoph-beckmann-tm commented 6 months ago

User Story

As an EKS user, I want to enable IMDSv2 for my launch templates so that my EC2 instances run without IMDSv1.

Full background can be seen here: https://aws.amazon.com/blogs/security/get-the-full-benefits-of-imdsv2-and-disable-imdsv1-across-your-aws-infrastructure/

AC

christoph-beckmann-tm commented 6 months ago

I found metadata_options: https://github.com/kbst/terraform-kubestack/blob/master/aws/cluster/configuration.tf#L33

      metadata_options_http_endpoint               = "enabled"
      metadata_options_http_tokens                 = "required"
      metadata_options_http_put_response_hop_limit = 1

I guess it's just missing in the documentation: https://www.kubestack.com/framework/documentation/clusters/#configuration
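An added example, not part of the issue thread or the Kubestack code base: a check that the three settings quoted above actually reached the launch templates. It assumes input shaped like the output of `aws ec2 describe-launch-template-versions`; the template names and the sample document are constructed.

```python
import json

# Constructed sample shaped like `aws ec2 describe-launch-template-versions` output.
SAMPLE = json.loads("""
{"LaunchTemplateVersions": [
  {"LaunchTemplateName": "nodes-a", "VersionNumber": 3, "LaunchTemplateData": {
    "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required",
                        "HttpPutResponseHopLimit": 1}}},
  {"LaunchTemplateName": "nodes-b", "VersionNumber": 1, "LaunchTemplateData": {
    "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional",
                        "HttpPutResponseHopLimit": 2}}},
  {"LaunchTemplateName": "nodes-c", "VersionNumber": 7, "LaunchTemplateData": {}},
  {"LaunchTemplateName": "nodes-d", "VersionNumber": 2, "LaunchTemplateData": {
    "MetadataOptions": {"HttpEndpoint": "disabled"}}}
]}
""")

EXPECTED_HOP_LIMIT = 1  # value quoted in the issue comment


def audit_version(version):
    """Return findings for one launch template version (empty list = compliant)."""
    opts = version.get("LaunchTemplateData", {}).get("MetadataOptions")
    if not opts:
        return ["metadata options not set; IMDSv2 is not enforced by this template"]
    if opts.get("HttpEndpoint") == "disabled":
        return []  # IMDS is off entirely, so IMDSv1 cannot be reached
    findings = []
    if opts.get("HttpTokens") != "required":
        findings.append("http_tokens is not 'required'; IMDSv1 requests are accepted")
    hop = opts.get("HttpPutResponseHopLimit")
    if hop != EXPECTED_HOP_LIMIT:
        findings.append(f"hop limit is {hop}, expected {EXPECTED_HOP_LIMIT}")
    return findings


def audit(doc):
    """Map 'name:version' to findings for every non-compliant template version."""
    report = {}
    for version in doc.get("LaunchTemplateVersions", []):
        findings = audit_version(version)
        if findings:
            key = f"{version['LaunchTemplateName']}:{version['VersionNumber']}"
            report[key] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        for finding in findings:
            print(f"{name}: {finding}")
```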