From 7c815a2695cb7c749b0c0a9bbc2985835618acee Mon Sep 17 00:00:00 2001
From: Peter Svensson
Date: Tue, 19 Dec 2023 11:37:35 +0100
Subject: [PATCH] fix: handle IMDSv2 auth when checking if we are running on EC2 instance
---
 common/docker-entrypoint.d/00-check-for-required-env.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/common/docker-entrypoint.d/00-check-for-required-env.sh b/common/docker-entrypoint.d/00-check-for-required-env.sh
index 0ed18cb..604214d 100755
--- a/common/docker-entrypoint.d/00-check-for-required-env.sh
+++ b/common/docker-entrypoint.d/00-check-for-required-env.sh
@@ -44,7 +44,7 @@ elif [[ -v AWS_SESSION_TOKEN ]]; then
 # b) Using Instance Metadata Service (IMDS) credentials, if IMDS is present at http://169.254.169.254.
 # See https://docs.aws.amazon.com/sdkref/latest/guide/feature-imds-credentials.html.
 # Example: We are running inside an EC2 instance.
-elif curl --output /dev/null --silent --head --fail --connect-timeout 2 --max-time 5 "http://169.254.169.254"; then
+elif TOKEN=`curl -X PUT --silent --fail --connect-timeout 2 --max-time 2 "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"` && curl -H "X-aws-ec2-metadata-token: $TOKEN" --output /dev/null --silent --head --fail --connect-timeout 2 --max-time 5 "http://169.254.169.254"; then
 echo "Running inside an EC2 instance, using IMDS for credentials"
 # c) Using assume role credentials. This is indicated by AWS_WEB_IDENTITY_TOKEN_FILE being set.
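Review bot: The token request on the new `elif` line asks for the maximum lifetime (`X-aws-ec2-metadata-token-ttl-seconds: 21600`) and leaves the value in a generically named global `TOKEN`, although the visible code uses it only for the single probe that follows. A short-lived token in a narrowly named variable, captured with `$(...)` rather than backticks, is enough for a presence check: `imds_token=$(curl -X PUT … -H "X-aws-ec2-metadata-token-ttl-seconds: 60")` followed by `curl -H "X-aws-ec2-metadata-token: ${imds_token}" …`, with the other options unchanged. Separately, the branch now fails whenever the PUT gets no answer, which can happen in a bridge-networked container when the instance's metadata response hop limit is 1, even where IMDSv1 is still allowed and the old token-less probe would have passed. A comment above the line stating that a hop limit of at least 2 is expected in that setup would save operators a confusing fall-through. The `if`/`elif` chain this line belongs to starts and ends outside the hunk.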