
Change validation of put response hop limit to allow `1` as value to limit access to worker node's metadata endpoint

Open jakubbujny opened this issue 3 years ago • 3 comments

what

  • Change validation of the metadata_http_put_response_hop_limit variable to allow setting 1 as the value.

why

  • As stated in the EKS best practices, to limit access to the worker node's metadata endpoint it is required to enable metadata_http_tokens_required and set metadata_http_put_response_hop_limit to 1 - see https://aws.github.io/aws-eks-best-practices/security/docs/iam/#restrict-access-to-the-instance-profile-assigned-to-the-worker-node
aws ec2 modify-instance-metadata-options --instance-id <value> --http-tokens required --http-put-response-hop-limit 1

jakubbujny avatar Jul 12 '22 12:07 jakubbujny
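What the requested change amounts to, as an added illustration rather than the module's own code: a variable validation that accepts a hop limit of 1 (the lowest value the EC2 API allows; 1 to 64 is the documented range, assumed here), and a launch template that applies the hardened IMDS settings from the linked best-practices page. The variable name comes from the PR; the resource and local names are assumptions.

```hcl
# Illustrative variable definition (not the module's): the validation must
# admit 1, otherwise the recommended hardening cannot be expressed at all.
variable "metadata_http_put_response_hop_limit" {
  type        = number
  default     = 1
  description = "IMDS PUT response hop limit; 1 confines IMDS to the node itself"

  validation {
    # EC2 accepts 1..64 for HttpPutResponseHopLimit (assumed range).
    condition     = var.metadata_http_put_response_hop_limit >= 1 && var.metadata_http_put_response_hop_limit <= 64
    error_message = "metadata_http_put_response_hop_limit must be between 1 and 64."
  }
}

variable "metadata_http_tokens_required" {
  type        = bool
  default     = true
  description = "Require IMDSv2 session tokens (http_tokens = required)"
}

# Hypothetical launch template showing the two settings the best-practices
# page recommends applied together.
resource "aws_launch_template" "worker" {
  name_prefix = "eks-worker-"

  metadata_options {
    http_endpoint = "enabled"
    # "required" rejects IMDSv1 GET requests that carry no session token.
    http_tokens = var.metadata_http_tokens_required ? "required" : "optional"
    # With a hop limit of 1 the PUT response cannot traverse the extra
    # network hop from a pod's network namespace, so pods on the node are
    # kept from reading the node's instance-profile credentials.
    http_put_response_hop_limit = var.metadata_http_put_response_hop_limit
  }
}
```

Setting the hop limit to 1 also blocks any workload on the node that legitimately relies on IMDS; such workloads should use IAM roles for service accounts instead, as the linked page recommends.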

/test all

jakubbujny avatar Jul 12 '22 12:07 jakubbujny

/test all

Gowiem avatar Jul 12 '22 14:07 Gowiem

Any hope of getting this PR merged?

christoffer-eide avatar Oct 12 '22 10:10 christoffer-eide