Blocking user-data

[jqport]

Hi,

When using kube2iam in a multi-tenant environment it can be useful to block access to the user-data endpoint so random users in containers cannot read start-up scripts. Would you be open to a PR that would block off access to that endpoint?

If you don't mind me adding this PR; would you like it as a toggle or just as another handler like security-credentials?

[jtblin]

Sorry for the lag, good point. It sounds like it should be on by default to enhance security but could be toggled off if needed. PR welcome :)

[dasgoll]

@jqport
A silly question, when you say "user-data endpoint" what exactly do you mean ?

[jqport]

@jtblin Sounds good, I'll toss up a PR soon-ish.

@dasgoll No such thing as a silly question. I meant the user-data endpoint for AWS's magic ip [http://169.254.169.254/latest/user-data] (you can read more about using user-data to configure ec2 instances here: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html).

[rmt]

#137 seems to address this.