
Firewall Breaks IAM Instance Profiles

Open tomcatlingcma opened this issue 5 years ago • 1 comments

Hi,

I am using your two tier sample and have noticed that any requests to AWS services from the Web instances are granted the instance profile associated with the Firewall instance. I think this might be because requests to 169.254.169.254 are being routed through the Firewall, when in fact they should never leave the instance making the request.

I assume the normal route for these requests is being overwritten when the Firewall is added as a router during startup.

Can you offer any advice on fixing the user data script or changing the config in the Firewall so that these examples don't break normal use of AWS services?

Thanks.

tomcatlingcma Apr 09 '19 09:04
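
A check for the condition this issue describes, as an added example that is not part of the original issue or the repository's code: it parses the output of `ip route get 169.254.169.254` on a Linux web instance and reports whether the metadata address is forwarded to the firewall. The firewall address `10.0.1.10`, the function names and the sample route lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: does this instance forward metadata requests to the firewall?
IMDS_ADDR="169.254.169.254"

# imds_next_hop ROUTE_TEXT
# ROUTE_TEXT: output of `ip route get 169.254.169.254`.
# Prints the next-hop IP, "on-link" when the route has no next hop, or
# "unknown" when the text is not a route for the metadata address.
imds_next_hop() {
    printf '%s\n' "$1" | awk -v addr="$IMDS_ADDR" '
        NR == 1 {
            if ($1 != addr) { print "unknown"; exit }
            for (i = 2; i < NF; i++)
                if ($i == "via") { print $(i + 1); exit }
            print "on-link"
        }'
}

# imds_via_firewall ROUTE_TEXT FIREWALL_IP
# Status 0 when the metadata address is forwarded to FIREWALL_IP, which is
# the situation in which requests pick up the firewall's instance profile.
imds_via_firewall() {
    [ "$(imds_next_hop "$1")" = "$2" ]
}

# Constructed samples (addresses are illustrative, not from the issue).
SAMPLE_VIA_FW='169.254.169.254 via 10.0.1.10 dev eth0 src 10.0.1.25 uid 0
    cache'
SAMPLE_ON_LINK='169.254.169.254 dev eth0 src 10.0.1.25 uid 0
    cache'
FIREWALL_IP="10.0.1.10"   # assumed trust-side address of the firewall

echo "sample 1 next hop: $(imds_next_hop "$SAMPLE_VIA_FW")"
echo "sample 2 next hop: $(imds_next_hop "$SAMPLE_ON_LINK")"
if imds_via_firewall "$SAMPLE_VIA_FW" "$FIREWALL_IP"; then
    echo "sample 1: metadata requests are forwarded to the firewall"
fi

# On a live instance, feed the real route lookup instead of a sample:
#   imds_via_firewall "$(ip route get "$IMDS_ADDR")" "$FIREWALL_IP"
```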

Opened a pull request to fix this https://github.com/PaloAltoNetworks/aws/pull/20

tomcatlingcma Apr 15 '19 11:04