Difference between revisions of "IMDS initiate session"
Jump to navigation
Jump to search
↑ https://d1.awsstatic.com/events/reinvent/2019/Security_best_practices_for_the_Amazon_EC2_instance_metadata_service_SEC310
| Line 6: | Line 6: | ||
[[curl --request]] GET "http://169.254.169.254/latest/metadata/ami-id" --header "X-aws-ec2-metadata-token: $TOKEN" | [[curl --request]] GET "http://169.254.169.254/latest/metadata/ami-id" --header "X-aws-ec2-metadata-token: $TOKEN" | ||
* This token expires after 10 minutes (600 seconds) | * This token expires after 10 minutes (600 seconds) | ||
| − | * IMDS distinguishes between v1 and v2 requests by presence of | + | * [[IMDS distinguishes between v1 and v2 requests by presence of headers]] <ref>https://d1.awsstatic.com/events/reinvent/2019/Security_best_practices_for_the_Amazon_EC2_instance_metadata_service_SEC310</ref> |
| − | headers | ||
| − | |||
== See also == | == See also == | ||
Revision as of 07:23, 28 June 2024
- Initiate session (bash example)
TOKEN=`curl --request PUT "http://169.254.169.254/latest/api/token" --header "X-aws-ec2-metadata-token-ttl-seconds: 600"`
- Continue session with GET request but required token
curl --request GET "http://169.254.169.254/latest/metadata/ami-id" --header "X-aws-ec2-metadata-token: $TOKEN"
- This token expires after 10 minutes (600 seconds)
- IMDS distinguishes between v1 and v2 requests by presence of headers [1]
See also
- IMDS, IMDS versions (IMDSv2), IMDS initiate session,
ec2-imdsv2-check, aws ec2 modify-instance-metadata-options, /latest/meta-data, /latest/user-data, modify-instance-metadata-defaults
Advertising:
