pulumi-eks icon indicating copy to clipboard operation
pulumi-eks copied to clipboard

Published 20 hours ago verified publisher icon pulumi

Support for EKS IMDSv2

Open NArnott opened this issue 3 years ago • 5 comments
trafficstars

Hello!

  • Vote on this issue by adding a 👍 reaction
  • If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)

Issue details

AWS announced in 2020 support for EKS Node Groups to disable IMDSv1 (allowing only IMDSv2). I don't current see any support for that in Pulumi's EKS managed node group.

AWS Annoucement: https://aws.amazon.com/about-aws/whats-new/2020/08/amazon-eks-supports-ec2-instance-metadata-service-v2/

Affected area/feature

Pulumi.Aws.Eks.NodeGroup

NArnott avatar Apr 18 '22 18:04 NArnott

Not sure it's the answer you're looking for, but this can be done via the node group launch template metadata options:

MetadataOptions = new LaunchTemplateMetadataOptionsArgs { HttpEndpoint = "enabled", HttpTokens = "required", HttpPutResponseHopLimit = 2 }

See docs for LaunchTemplateMetadataOptions.

gitfool avatar Apr 18 '22 20:04 gitfool

Hi, thank you for filing this enhancement request!

Moving this to pulumi-eks as it looks like this is specific to that package.

guineveresaenger avatar Apr 20 '22 16:04 guineveresaenger

I'd love to see this implemented. It's the only thing it doesn't do that I require for compliance, and it would be great to not have to try and replicate what pulumi-eks is doing with pulumi-aws.

shanehull avatar May 27 '22 06:05 shanehull

Is there any updates on this ?

marwenguesmii avatar Mar 06 '23 11:03 marwenguesmii

Updates on this?

igordrnobrega avatar Nov 14 '23 19:11 igordrnobrega