Difference between revisions of "AWS Instance Metadata Service (IMDS)"
Jump to navigation
Jump to search
| Line 11: | Line 11: | ||
* [[Datadog AWS Integration Billing]]: If your EC2 instances are configured to require the use of Instance Metadata Service Version 2 (IMDSv2), then you must set the parameter <code>[[ec2_prefer_imdsv2]]</code> to true in your Datadog agent configuration to avoid double-billing. | * [[Datadog AWS Integration Billing]]: If your EC2 instances are configured to require the use of Instance Metadata Service Version 2 (IMDSv2), then you must set the parameter <code>[[ec2_prefer_imdsv2]]</code> to true in your Datadog agent configuration to avoid double-billing. | ||
| + | == Example == | ||
TOKEN=`[[curl -X PUT]] "http://169.254.169.254/latest/api/token" [[-H]] "X-aws-ec2-metadata-token-ttl-seconds: 21600"` \ && [[curl -H]] "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/[[user-data]] | TOKEN=`[[curl -X PUT]] "http://169.254.169.254/latest/api/token" [[-H]] "X-aws-ec2-metadata-token-ttl-seconds: 21600"` \ && [[curl -H]] "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/[[user-data]] | ||
| Line 23: | Line 24: | ||
* [[Datadog]]: <code>[[DD_EC2_PREFER_IMDSV2]]</code> | * [[Datadog]]: <code>[[DD_EC2_PREFER_IMDSV2]]</code> | ||
* <code>[[Datadog: EC2 instances should enforce IMDSv2]]</code> | * <code>[[Datadog: EC2 instances should enforce IMDSv2]]</code> | ||
| + | * [[IMDS initiate session]] | ||
* <code>[[Failed to refresh cached credentials, no EC2 IMDS role found]]</code> | * <code>[[Failed to refresh cached credentials, no EC2 IMDS role found]]</code> | ||
Revision as of 09:11, 28 June 2024
Wikipedia:AWS Instance Metadata Service it is a service provided by AWS that allows EC2 instances to access metadata about themselves and their environment.
If you use Auto Scaling groups and you need to require the use of IMDSv2 on all new instances, your Auto Scaling groups must use launch templates.
- Datadog AWS Integration Billing: If your EC2 instances are configured to require the use of Instance Metadata Service Version 2 (IMDSv2), then you must set the parameter
ec2_prefer_imdsv2to true in your Datadog agent configuration to avoid double-billing.
Contents
Example
TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"` \ && curl -H "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/user-data
Activities
Related
- Azure Instance Metadata Service
ec2-imdsv2-check, the rule isNON_COMPLIANTif theHttpTokensis set to optional.aws ec2 describe-instances | grep HttpTokens- AWS EC2 Instance Connect
- Datadog:
DD_EC2_PREFER_IMDSV2 Datadog: EC2 instances should enforce IMDSv2- IMDS initiate session
Failed to refresh cached credentials, no EC2 IMDS role found
See also
- IMDS, IMDS versions (IMDSv2), IMDS initiate session,
ec2-imdsv2-check, aws ec2 modify-instance-metadata-options, /latest/meta-data, /latest/user-data, modify-instance-metadata-defaults - AWS EC2, Amazon EC2 API,
aws ec2, AWS::EC2, Amazon EC2 Spot Instances, CPU credits, Instance type, EC2 limitations, 169.254.169.254, Instance metadata and user data (IMDS),InstanceType, InstanceId, Amazon EC2 Auto Scaling, AWS EC2 Instance Connect, launch template, lifecycle, AWS Security group (SG), Amazon EC2 Recycle Bin, Amazon EC2 Mac Instances, Global View
Advertising:
