Difference between revisions of "IMDS initiate session"
Jump to navigation
Jump to search
↑ https://d1.awsstatic.com/events/reinvent/2019/Security_best_practices_for_the_Amazon_EC2_instance_metadata_service_SEC310
| (7 intermediate revisions by the same user not shown) | |||
| Line 3: | Line 3: | ||
"http://169.254.169.254/latest/api/token" | "http://169.254.169.254/latest/api/token" | ||
--header "X-aws-ec2-metadata-token-ttl-seconds: 600"` | --header "X-aws-ec2-metadata-token-ttl-seconds: 600"` | ||
| + | |||
* Continue session with GET request but required token | * Continue session with GET request but required token | ||
| − | curl --request GET "http://169.254.169.254/latest/metadata/ami-id" --header "X-aws-ec2-metadata-token: $TOKEN" | + | <code>[[curl --request]] GET "http://169.254.169.254/latest/metadata/ami-id" --header "X-aws-ec2-metadata-token: $TOKEN"</code> |
| + | |||
| + | |||
* This token expires after 10 minutes (600 seconds) | * This token expires after 10 minutes (600 seconds) | ||
| − | * IMDS distinguishes between v1 and v2 requests by presence of | + | * [[IMDS versions]]: [[IMDS distinguishes between v1 and v2 requests by presence of headers]] <ref>https://d1.awsstatic.com/events/reinvent/2019/Security_best_practices_for_the_Amazon_EC2_instance_metadata_service_SEC310</ref> |
| − | headers | + | |
| − | + | == Related == | |
| + | * [[IMDS versions]] | ||
== See also == | == See also == | ||
Latest revision as of 08:42, 28 June 2024
- Initiate session (bash example)
TOKEN=`curl --request PUT "http://169.254.169.254/latest/api/token" --header "X-aws-ec2-metadata-token-ttl-seconds: 600"`
- Continue session with GET request but required token
curl --request GET "http://169.254.169.254/latest/metadata/ami-id" --header "X-aws-ec2-metadata-token: $TOKEN"
- This token expires after 10 minutes (600 seconds)
- IMDS versions: IMDS distinguishes between v1 and v2 requests by presence of headers [1]
Related[edit]
See also[edit]
- IMDS, IMDS versions (IMDSv2), IMDS initiate session,
ec2-imdsv2-check, aws ec2 modify-instance-metadata-options, /latest/meta-data, /latest/user-data, modify-instance-metadata-defaults
Advertising:
