AWS Instance MetaData Service V2 support #1490
Comments
Agreed, looks good to implement, and thanks for the PR #1489
I've proposed a solution #1489. Let me know what you think :)
@harshavardhana do you have any rough guess as to when somebody would have time to have a look at this? (days vs weeks vs months)
This week for sure @michaelfoley1
Closing this issue as PR #1489 has been merged
In 2019 AWS added a new version (v2) of their metadata service that is more resilient to relay attacks being performed against an instance's locally linked metadata API.
It would be amazing to support v2 of this API so this library can be used in environments where credentials generated using the v1 API have been disabled.
AWS announcement:
https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/
More information:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html
You can see how other SDKs implement it here:
https://github.com/boto/botocore/blob/370cdf7d708c92bf21a42f15392f7be330cf8f80/botocore/utils.py#L370
https://github.com/aws/aws-sdk-go/blob/e2d6cb448883e4f4fcc5246650f89bde349041ec/aws/ec2metadata/service.go#L188
https://github.com/aws/aws-sdk-js/blob/307e82673b48577fce4389e4ce03f95064e8fe0d/lib/metadata_service.js#L113
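The session-token flow that IMDSv2 support requires, as an added example (not code from this project, PR #1489, or the SDKs linked above): a client first obtains a token with a `PUT`, then sends it on every metadata `GET`. The mock server, role name and credential values are constructed so the block runs offline; treating 403/404/405 on the token request as "fall back to v1" is this example's assumption.

```python
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN_PATH = "/latest/api/token"
CREDS_PATH = "/latest/meta-data/iam/security-credentials/"
TTL_HEADER = "X-aws-ec2-metadata-token-ttl-seconds"
TOKEN_HEADER = "X-aws-ec2-metadata-token"
# Ignore proxy environment variables so requests go straight to the endpoint.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

class MockIMDSv2(BaseHTTPRequestHandler):
    """Constructed stand-in for an instance where IMDSv1 is disabled."""
    token = "constructed-session-token"
    def reply(self, code, body=""):
        self.send_response(code)
        self.end_headers()
        self.wfile.write(body.encode())
    def do_PUT(self):  # token request must carry a TTL header
        ok = self.path == TOKEN_PATH and self.headers.get(TTL_HEADER)
        self.reply(200 if ok else 400, self.token if ok else "")
    def do_GET(self):
        if self.headers.get(TOKEN_HEADER) != self.token:
            return self.reply(401)  # v1-style request without a session token
        if self.path == CREDS_PATH:
            return self.reply(200, "example-role")
        self.reply(200, json.dumps({"AccessKeyId": "EXAMPLEKEYID", "Token": "x"}))
    def log_message(self, *args): pass  # keep the example quiet

def call(base, method, path, headers):
    req = urllib.request.Request(base + path, method=method, headers=headers)
    with OPENER.open(req, timeout=2) as resp:
        return resp.read().decode()

def fetch_credentials(base, ttl=21600):
    headers = {}
    try:  # v2: get a session token first, then present it on every GET
        headers[TOKEN_HEADER] = call(base, "PUT", TOKEN_PATH, {TTL_HEADER: str(ttl)})
    except urllib.error.HTTPError as e:
        if e.code not in (403, 404, 405):  # assumed "v2 not offered" codes
            raise  # anything else is a real error, not a reason to downgrade
    role = call(base, "GET", CREDS_PATH, headers).strip()
    return json.loads(call(base, "GET", CREDS_PATH + role, headers))

def start_mock():
    srv = HTTPServer(("127.0.0.1", 0), MockIMDSv2)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, "http://127.0.0.1:%d" % srv.server_port
```

On a real instance the base URL would be the link-local metadata address; the mock rejects token-less requests with 401, which is what a v1-only client sees once v1 is disabled.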