Kitchentest instance with IMDSv2
raghavvidya opened this issue · 4 comments
Hello, is there any option for running the Kitchen test with AWS metadata version 2 (IMDSv2)?
For more info about AWS IMDSv2
https://aws.amazon.com/about-aws/whats-new/2019/11/announcing-updates-amazon-ec2-instance-metadata-service/
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
@raghavvidya Can you provide more information on what you're hoping to do with Test Kitchen and the AWS metadata version 2 and what you can't do at this point?
The question is how to pass this configuration into the kitchen:
metadata_options {
  http_endpoint               = "enabled"
  http_tokens                 = "required"
  http_put_response_hop_limit = 1
}
https://docs.aws.amazon.com/cli/latest/reference/ec2/run-instances.html (--metadata-options)
I am wondering this as well - organization has a requirement to enforce IMDSv2 on all EC2 instances but I'm not seeing a way to do that with instances generated by test-kitchen. Did anybody figure this out yet?
Hi, our team is also using kitchen test. We detect that the instances launched have IMDSv1 calls. Is there any timeline for kitchen to transition to AWS metadata version 2 (IMDSv2)? It may potentially block customers who disable IMDSv1 for security considerations.
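Added example, not part of the thread or of Test Kitchen's code: one way to audit whether launched instances meet the `metadata_options` settings quoted above, by checking the `MetadataOptions` block that `aws ec2 describe-instances` returns. The instance IDs, the sample data and the helper names (`_inst`, `imds_findings`, `audit`) are constructed for illustration, and the hop limit of 1 is taken from the quoted configuration as an assumed policy.

```python
# Constructed sample in the shape of `aws ec2 describe-instances` output.
# Instance IDs and settings are made up for this example.
def _inst(iid, endpoint, tokens, hops):
    return {"InstanceId": iid, "MetadataOptions": {
        "HttpEndpoint": endpoint, "HttpTokens": tokens,
        "HttpPutResponseHopLimit": hops}}

SAMPLE = {"Reservations": [{"Instances": [
    _inst("i-0aaaaaaaaaaaaaaa1", "enabled", "required", 1),
    _inst("i-0aaaaaaaaaaaaaaa2", "enabled", "optional", 1),
    _inst("i-0aaaaaaaaaaaaaaa3", "enabled", "required", 2),
    _inst("i-0aaaaaaaaaaaaaaa4", "disabled", "optional", 1),
    {"InstanceId": "i-0aaaaaaaaaaaaaaa5"},  # no MetadataOptions returned
]}]}

MAX_HOP_LIMIT = 1  # assumed policy: http_put_response_hop_limit = 1


def imds_findings(instance, max_hops=MAX_HOP_LIMIT):
    """Return the reasons this instance does not meet the IMDSv2 policy."""
    opts = instance.get("MetadataOptions")
    if opts is None:
        return ["MetadataOptions missing; cannot confirm IMDSv2"]
    if opts.get("HttpEndpoint") == "disabled":
        return []  # IMDS is switched off, so there is no IMDSv1 path
    findings = []
    if opts.get("HttpTokens") != "required":
        findings.append("HttpTokens is not 'required' (IMDSv1 still accepted)")
    hops = opts.get("HttpPutResponseHopLimit")
    if hops is None or hops > max_hops:
        findings.append(
            f"HttpPutResponseHopLimit is {hops}, policy maximum is {max_hops}")
    return findings


def audit(describe_output):
    """Map instance ID -> findings for every non-compliant instance."""
    report = {}
    for reservation in describe_output.get("Reservations", []):
        for instance in reservation.get("Instances", []):
            findings = imds_findings(instance)
            if findings:
                report[instance.get("InstanceId", "<unknown>")] = findings
    return report


if __name__ == "__main__":
    for instance_id, findings in audit(SAMPLE).items():
        print(instance_id, "; ".join(findings))
```

To run it against real instances, replace `SAMPLE` with the parsed JSON output of `aws ec2 describe-instances`.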