Support AWS IMDSv2 #419

Closed
jhmartin opened this issue May 28, 2020 · 2 comments

Comments

@jhmartin

Feature Request

Environment

AWS

Desired Feature

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-retrieval.html describes IMDSv2, which is a 2-step process for retrieving instance metadata. Enforcing IMDSv2 is beneficial for preventing attacks that trick an application into making requests to the IMDS and returning data such as the instance IAM credentials.

A node can be launched to only support IMDSv2, so I suggest making afterburn compliant with this to enable the v2-only switch to be activated.

Other Information

More details about IMDSv2:

https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/
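
The two-step retrieval described in the issue above, as an added example that is not part of the original issue and is not afterburn's code: a std-only Rust client run against a local mock of an instance launched as IMDSv2-only. The mock, its token value and the instance id are constructed for the example; the `PUT /latest/api/token` path and the two `X-aws-ec2-metadata-token*` header names are the IMDSv2 ones.

```rust
use std::{io::{Read, Write}, net::{SocketAddr, TcpListener, TcpStream}, thread};
const TOKEN: &str = "constructed-session-token"; // constructed sample value

// Mock of an instance launched as IMDSv2-only (constructed; not AWS or afterburn code).
fn spawn_mock_imds() -> SocketAddr {
    let listener = TcpListener::bind("127.0.0.1:0").unwrap();
    let addr = listener.local_addr().unwrap();
    thread::spawn(move || for stream in listener.incoming() {
        let mut s = stream.unwrap();
        let (mut req, mut buf) = (String::new(), [0u8; 512]);
        while !req.contains("\r\n\r\n") { // read to the end of the headers
            let n = s.read(&mut buf).unwrap_or(0);
            if n == 0 { break; }
            req.push_str(&String::from_utf8_lossy(&buf[..n]));
        }
        let req = req.to_lowercase();
        let put = req.starts_with("put /latest/api/token ") && req.contains("x-aws-ec2-metadata-token-ttl-seconds: ");
        let get = req.starts_with("get ") && req.contains(&format!("x-aws-ec2-metadata-token: {}\r\n", TOKEN));
        let (status, body) = match (put, get) {
            (true, _) => ("200 OK", TOKEN),            // step 1: issue a session token
            (_, true) => ("200 OK", "i-0constructed"), // step 2: valid token presented
            _ => ("401 Unauthorized", ""),             // tokenless (IMDSv1-style) request
        };
        let resp = format!("HTTP/1.1 {}\r\nContent-Length: {}\r\n\r\n{}", status, body.len(), body);
        let _ = s.write_all(resp.as_bytes());
    });
    addr
}

// Send one request with an optional extra header line; return (status code, body).
fn http(addr: SocketAddr, method: &str, path: &str, header: &str) -> (u16, String) {
    let mut s = TcpStream::connect(addr).unwrap();
    let req = format!("{} {} HTTP/1.1\r\nHost: imds\r\n{}Connection: close\r\n\r\n", method, path, header);
    s.write_all(req.as_bytes()).unwrap();
    let mut resp = String::new();
    s.read_to_string(&mut resp).unwrap();
    let status = resp.split_whitespace().nth(1).unwrap().parse().unwrap();
    (status, resp.split("\r\n\r\n").nth(1).unwrap_or("").to_string())
}

// IMDSv2: PUT for a session token, then present it on the metadata GET.
fn fetch_v2(addr: SocketAddr, path: &str) -> Result<String, u16> {
    let (st, token) = http(addr, "PUT", "/latest/api/token", "X-aws-ec2-metadata-token-ttl-seconds: 21600\r\n");
    if st != 200 { return Err(st); }
    let (st, body) = http(addr, "GET", path, &format!("X-aws-ec2-metadata-token: {}\r\n", token));
    if st == 200 { Ok(body) } else { Err(st) }
}
fn main() {
    let (addr, p) = (spawn_mock_imds(), "/latest/meta-data/instance-id");
    println!("tokenless GET: {:?}; IMDSv2: {:?}", http(addr, "GET", p, ""), fetch_v2(addr, p));
}
```

The tokenless GET is what a v1-only metadata client sends, and on a v2-only instance it is answered with 401, which is why the client has to adopt the token step before the switch can be enabled.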

@zonggen
Member

zonggen commented May 28, 2020

Thanks for reporting!

Though I believe this is a duplicate of #305

@jhmartin
Author

Oops, so it is!
