Difference between revisions of "AWS Instance Metadata Service (IMDS)"
Jump to navigation
Jump to search
(14 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
+ | [[Wikipedia:AWS Instance Metadata Service]] it is a service provided by [[AWS]] that allows [[EC2]] instances to access metadata about themselves and their environment. | ||
+ | |||
* https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html | * https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html | ||
* <code>[[aws ec2 modify-instance-metadata-options]]</code> | * <code>[[aws ec2 modify-instance-metadata-options]]</code> | ||
− | * [[IMDSv2]] | + | * [[IMDS versions]]: [[IMDSv2]] |
+ | * [[IMDS initiate session]] | ||
+ | |||
If you use [[Auto Scaling groups]] and you need to require the use of IMDSv2 on all new instances, your Auto Scaling groups must use [[launch templates]]. | If you use [[Auto Scaling groups]] and you need to require the use of IMDSv2 on all new instances, your Auto Scaling groups must use [[launch templates]]. | ||
− | * [[Datadog AWS Integration Billing]]: If your EC2 instances are configured to require the use of Instance Metadata Service Version 2 (IMDSv2), then you must set the parameter ec2_prefer_imdsv2 to true in your Datadog agent configuration to avoid double-billing. | + | * [[Datadog AWS Integration Billing]]: If your EC2 instances are configured to require the use of Instance Metadata Service Version 2 (IMDSv2), then you must set the parameter <code>[[ec2_prefer_imdsv2]]</code> to true in your Datadog agent configuration to avoid double-billing. |
+ | === Metadata Endpoint === | ||
+ | <code> http://169.254.169.254/latest/meta-data/</code> | ||
+ | |||
+ | == Example == | ||
TOKEN=`[[curl -X PUT]] "http://169.254.169.254/latest/api/token" [[-H]] "X-aws-ec2-metadata-token-ttl-seconds: 21600"` \ && [[curl -H]] "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/[[user-data]] | TOKEN=`[[curl -X PUT]] "http://169.254.169.254/latest/api/token" [[-H]] "X-aws-ec2-metadata-token-ttl-seconds: 21600"` \ && [[curl -H]] "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/[[user-data]] | ||
+ | |||
+ | == Activities == | ||
+ | * [[Transition to using Instance Metadata Service Version 2]] | ||
== Related == | == Related == | ||
* [[Azure Instance Metadata Service]] | * [[Azure Instance Metadata Service]] | ||
− | |||
* <code>[[ec2-imdsv2-check]]</code>, the rule is <code>[[NON_COMPLIANT]]</code> if the <code>[[HttpTokens]]</code> is set to optional. | * <code>[[ec2-imdsv2-check]]</code>, the rule is <code>[[NON_COMPLIANT]]</code> if the <code>[[HttpTokens]]</code> is set to optional. | ||
* <code>[[aws ec2 describe-instances]] | grep [[HttpTokens]]</code> | * <code>[[aws ec2 describe-instances]] | grep [[HttpTokens]]</code> | ||
* [[AWS EC2 Instance Connect]] | * [[AWS EC2 Instance Connect]] | ||
* [[Datadog]]: <code>[[DD_EC2_PREFER_IMDSV2]]</code> | * [[Datadog]]: <code>[[DD_EC2_PREFER_IMDSV2]]</code> | ||
− | * [[Datadog: EC2 instances should enforce IMDSv2]] | + | * <code>[[Datadog: EC2 instances should enforce IMDSv2]]</code> |
* [[IMDS initiate session]] | * [[IMDS initiate session]] | ||
* <code>[[Failed to refresh cached credentials, no EC2 IMDS role found]]</code> | * <code>[[Failed to refresh cached credentials, no EC2 IMDS role found]]</code> | ||
== See also == | == See also == | ||
+ | * {{IMDS cmd}} | ||
* {{IMDS}} | * {{IMDS}} | ||
* {{AWS EC2}} | * {{AWS EC2}} | ||
[[Category:AWS]] | [[Category:AWS]] |
Latest revision as of 09:19, 28 June 2024
Wikipedia:AWS Instance Metadata Service it is a service provided by AWS that allows EC2 instances to access metadata about themselves and their environment.
If you use Auto Scaling groups and you need to require the use of IMDSv2 on all new instances, your Auto Scaling groups must use launch templates.
- Datadog AWS Integration Billing: If your EC2 instances are configured to require the use of Instance Metadata Service Version 2 (IMDSv2), then you must set the parameter
ec2_prefer_imdsv2
to true in your Datadog agent configuration to avoid double-billing.
Metadata Endpoint[edit]
http://169.254.169.254/latest/meta-data/
Example[edit]
TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"` \ && curl -H "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/user-data
Activities[edit]
Related[edit]
- Azure Instance Metadata Service
ec2-imdsv2-check
, the rule isNON_COMPLIANT
if theHttpTokens
is set to optional.aws ec2 describe-instances | grep HttpTokens
- AWS EC2 Instance Connect
- Datadog:
DD_EC2_PREFER_IMDSV2
Datadog: EC2 instances should enforce IMDSv2
- IMDS initiate session
Failed to refresh cached credentials, no EC2 IMDS role found
See also[edit]
- IMDS
- IMDS, IMDS versions (IMDSv2), IMDS initiate session,
ec2-imdsv2-check, aws ec2 modify-instance-metadata-options, /latest/meta-data, /latest/user-data, modify-instance-metadata-defaults
- AWS EC2, Amazon EC2 API,
aws ec2, AWS::EC2
, Amazon EC2 Spot Instances, CPU credits, Instance type, EC2 limitations, 169.254.169.254, Instance metadata and user data (IMDS),InstanceType, InstanceId
, Amazon EC2 Auto Scaling, AWS EC2 Instance Connect, launch template, lifecycle, AWS Security group (SG), Amazon EC2 Recycle Bin, Amazon EC2 Mac Instances, Global View
Advertising: