kitchen-ec2

Kitchentest instance with IMDSv2

Open raghavvidya opened this issue 5 years ago • 4 comments

Hello, is there any option for running the Kitchen test with AWS metadata version 2 (IMDSv2)?

For more info about AWS IMDSv2 https://aws.amazon.com/about-aws/whats-new/2019/11/announcing-updates-amazon-ec2-instance-metadata-service/

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html

raghavvidya, Jan 22 '20 08:01

@raghavvidya Can you provide more information on what you're hoping to do with Test Kitchen and the AWS metadata version 2 and what you can't do at this point?

tas50, Jan 11 '21 21:01

The question is how to pass this configuration into the kitchen:

  metadata_options {
    http_endpoint               = "enabled"
    http_tokens                 = "required"
    http_put_response_hop_limit = 1
  }

https://docs.aws.amazon.com/cli/latest/reference/ec2/run-instances.html (--metadata-options)

TheSAS, Jan 28 '21 10:01

I am wondering this as well - organization has a requirement to enforce IMDSv2 on all EC2 instances but I'm not seeing a way to do that with instances generated by test-kitchen. Did anybody figure this out yet?

fletchowns, Mar 24 '21 19:03

Hi, our team is also using kitchen test. We detect that the instances launched have IMDSv1 calls. Is there any timeline for kitchen to transition to AWS metadata version 2 (IMDSv2)? It may potentially block customers who disable IMDSv1 for security considerations.

chenwany, Apr 20 '21 23:04
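
An added example, not part of the thread or of the kitchen-ec2 project: a check for the enforcement requirement raised above. It reads `aws ec2 describe-instances` JSON and reports live instances whose `MetadataOptions` do not match the `http_tokens = "required"` and hop limit 1 settings posted earlier. The sample document and instance IDs are constructed, and `imds_findings` is a hypothetical helper name.

```ruby
require "json"

# Hop limit from the metadata_options block in the thread; raise it only if
# workloads on the instance reach IMDS through an extra network hop.
MAX_HOP_LIMIT = 1

# Constructed sample in the shape of `aws ec2 describe-instances` JSON output.
SAMPLE = <<~SAMPLE_JSON
  {"Reservations": [{"Instances": [
    {"InstanceId": "i-0aaa0000000000001", "State": {"Name": "running"},
     "MetadataOptions": {"State": "applied", "HttpEndpoint": "enabled",
                         "HttpTokens": "required", "HttpPutResponseHopLimit": 1}},
    {"InstanceId": "i-0aaa0000000000002", "State": {"Name": "running"},
     "MetadataOptions": {"State": "applied", "HttpEndpoint": "enabled",
                         "HttpTokens": "optional", "HttpPutResponseHopLimit": 2}},
    {"InstanceId": "i-0aaa0000000000003", "State": {"Name": "running"},
     "MetadataOptions": {"State": "applied", "HttpEndpoint": "disabled",
                         "HttpTokens": "optional", "HttpPutResponseHopLimit": 1}},
    {"InstanceId": "i-0aaa0000000000004", "State": {"Name": "pending"}},
    {"InstanceId": "i-0aaa0000000000005", "State": {"Name": "terminated"},
     "MetadataOptions": {"State": "applied", "HttpEndpoint": "enabled",
                         "HttpTokens": "optional", "HttpPutResponseHopLimit": 1}}
  ]}]}
SAMPLE_JSON

# Returns { instance_id => [finding, ...] } for every live instance that
# does not enforce IMDSv2 the way the posted metadata_options block would.
def imds_findings(describe_json, max_hops: MAX_HOP_LIMIT)
  instances = JSON.parse(describe_json).fetch("Reservations", [])
                  .flat_map { |r| r.fetch("Instances", []) }
  instances.each_with_object({}) do |inst, out|
    next if %w[terminated shutting-down].include?(inst.dig("State", "Name"))
    opts = inst["MetadataOptions"]
    problems =
      if opts.nil?
        ["MetadataOptions missing from output"]
      elsif opts["HttpEndpoint"] == "disabled"
        [] # IMDS is unreachable, so there is no IMDSv1 exposure to report
      else
        list = []
        tokens = opts["HttpTokens"]
        list << "HttpTokens=#{tokens}, IMDSv1 still accepted" unless tokens == "required"
        hops = opts["HttpPutResponseHopLimit"].to_i
        list << "HttpPutResponseHopLimit=#{hops} exceeds #{max_hops}" if hops > max_hops
        list << "metadata options not yet applied" if opts["State"] == "pending"
        list
      end
    out[inst["InstanceId"]] = problems unless problems.empty?
  end
end
```

To run it against a real account, pass the output of `aws ec2 describe-instances --output json` to `imds_findings` in place of `SAMPLE`.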