feat(autoscaling): added metadataOptions to allow configure IMDS V2 o…

…ption for LaunchConfiguration template
aws · Oct 1, 2021 · 7cfc7ae · 7cfc7ae
1 parent ceab036
commit 7cfc7ae
Show file tree

Hide file tree

Showing 3 changed files with 73 additions and 0 deletions.
diff --git a/packages/@aws-cdk/aws-autoscaling/README.md b/packages/@aws-cdk/aws-autoscaling/README.md
@@ -378,6 +378,21 @@ new autoscaling.AutoScalingGroup(stack, 'ASG', {
 });
 ```
 
+## Enable EC2 IMDS V2
+
+To enable EC2 IMDS V2 support, specify `metadataOptions` property for the `AutoscalingGroup` resource.
+See [MetadataOptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-launchconfig-metadataoptions.html) for the list of the available options.
+
+```ts
+new autoscaling.AutoScalingGroup(stack, 'ASG', {
+  metadataOptions: {
+    httpTokens: 'required',
+    httpEndpoint: 'enabled'
+  },
+  // ...
+});
+```
+
 ## Future work
 
 * [ ] CloudWatch Events (impossible to add currently as the AutoScalingGroup ARN is

diff --git a/packages/@aws-cdk/aws-autoscaling/lib/auto-scaling-group.ts b/packages/@aws-cdk/aws-autoscaling/lib/auto-scaling-group.ts
@@ -384,6 +384,13 @@ export interface AutoScalingGroupProps extends CommonAutoScalingGroupProps {
    * @default - default options
    */
   readonly initOptions?: ApplyCloudFormationInitOptions;
+
+  /**
+   * Specific MetadataOptions to use in LaunchConfiguration.
+   *
+   * @default - no options
+   */
+  readonly metadataOptions?: MetadataOptions;
 }
 
 /**
@@ -972,6 +979,7 @@ export class AutoScalingGroup extends AutoScalingGroupBase implements
       spotPrice: props.spotPrice,
       blockDeviceMappings: (props.blockDevices !== undefined ?
         synthesizeBlockDeviceMappings(this, props.blockDevices) : undefined),
+      metadataOptions: (props.metadataOptions !== undefined ? props.metadataOptions : undefined),
     });
 
     launchConfig.node.addDependency(this.role);
@@ -1802,3 +1810,30 @@ export interface ApplyCloudFormationInitOptions {
   */
   readonly includeRole?: boolean;
 }
+
+/**
+ * Metadata options for the instances
+ */
+export interface MetadataOptions {
+  /**
+   * The HTTP metadata endpoint on your instances.
+   * Allowed values: disabled | enabled
+   * @default enabled
+   */
+  readonly httpEndpoint?: string;
+
+  /**
+   * The desired HTTP PUT response hop limit for instance metadata requests.
+   *
+   * The valid range is from 1 to 64.
+   * @default 1
+   */
+  readonly httpPutResponseHopLimit?: number;
+
+  /**
+   * The state of token usage for your instance metadata requests.
+   * Allowed values: optional | required
+   * @default optional
+   */
+  readonly httpTokens?: string;
+}
diff --git a/packages/@aws-cdk/aws-autoscaling/test/auto-scaling-group.test.ts b/packages/@aws-cdk/aws-autoscaling/test/auto-scaling-group.test.ts
@@ -1361,8 +1361,31 @@ describe('auto scaling group', () => {
     expect(stack).toHaveResourceLike('AWS::AutoScaling::AutoScalingGroup', {
       NewInstancesProtectedFromScaleIn: true,
     });
+  });
 
+  test('can configure metadataOptions', () => {
+    // GIVEN
+    const stack = new cdk.Stack();
+    const vpc = mockVpc(stack);
+    new autoscaling.AutoScalingGroup(stack, 'MyStack', {
+      instanceType: ec2.InstanceType.of(ec2.InstanceClass.M4, ec2.InstanceSize.MICRO),
+      machineImage: new ec2.AmazonLinuxImage(),
+      vpc,
+      metadataOptions: {
+        httpPutResponseHopLimit: 2,
+        httpTokens: 'required',
+        httpEndpoint: 'enabled',
+      },
+    });
 
+    // THEN
+    expect(stack).toHaveResourceLike('AWS::AutoScaling::LaunchConfiguration', {
+      MetadataOptions: {
+        HttpPutResponseHopLimit: 2,
+        HttpTokens: 'required',
+        HttpEndpoint: 'enabled',
+      },
+    });
   });
 });