Actions
Bug #21585
closed
Installer's Terraform code sets IMDSv2 to required on EC2 service nodes
Status:
Resolved
Priority:
Normal
Assigned To:
Category:
Deployment
Target version:
Story points:
-
Release:
Release relationship:
Auto
Description
This is related to #21552, terraform should set service nodes instances IMDSv2 to required.
See: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#http_tokens
Updated by Lucas Di Pentima 8 months ago
- Subject changed from Installer's Terraform code sets IMDSv2 to required on EC2 instance on AWS deployments to Installer's Terraform code sets IMDSv2 to required on EC2 service nodes
Updated by Lucas Di Pentima 8 months ago
21585-installer-imdsv2 @ f10e92fe09
- All agreed upon points are implemented / addressed.
- Yes
- Anything not implemented (discovered or discussed during work) has a follow-up story.
- No
- Code is tested and passing, both automated and manual, what manual testing was done is described
- Have already applied this on running clusters. The change is trivial and doesn't modify existing cloud resources in a way that they need to be recreated.
- Documentation has been updated.
- No. This is implemented as default (although manually overridable by people who can read Terraform code). Being that IMDSv2 is a feature that exists for around 3 years and it's recommended for security reasons by AWS, I don't see the point of documenting it if there's no apparent reason to disable it.
- Behaves appropriately at the intended scale (describe intended scale).
- N/A
- Considered backwards and forwards compatibility issues between client and server.
- N/A
- Follows our coding standards and GUI style guidelines.
- Yes
Updated by Brett Smith 8 months ago
Updated by Lucas Di Pentima 8 months ago
- Status changed from In Progress to Resolved
Applied in changeset arvados|e61c439e17ffdbec5964b65c3338300cb252d0f5.
Actions