We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AWS
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-retrieval.html describes IMDSv2, which is a 2-step process to retrieving instance metadata. Enforcing IMDSv2 is beneficial for preventing attacks that trick an application into making requests to the IMDS and returning data such as the instance IAM credentials.
A node can be launched to only support IMDSv2, so I suggest making afterburn compliant with this to enable the v2-only switch to be activated.
More details about IMDSv2:
https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/
The text was updated successfully, but these errors were encountered:
Thanks for reporting!
Though I believe this is a duplicate of #305
Sorry, something went wrong.
Oops, so it is!
No branches or pull requests
Feature Request
Environment
AWS
Desired Feature
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-retrieval.html describes IMDSv2, which is a 2-step process to retrieving instance metadata. Enforcing IMDSv2 is beneficial for preventing attacks that trick an application into making requests to the IMDS and returning data such as the instance IAM credentials.
A node can be launched to only support IMDSv2, so I suggest making afterburn compliant with this to enable the v2-only switch to be activated.
Other Information
More details about IMDSv2:
https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/
The text was updated successfully, but these errors were encountered: