ec2metadata doesn't support AWS EC2 IMDSv2
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
cloud-utils (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
AWS EC2 Metadata Service v2 uses session tokens:
$ ec2metadata
Traceback (most recent call last):
File "/usr/bin/
main()
File "/usr/bin/
display(
File "/usr/bin/
value = m.get(metaopt)
File "/usr/bin/
return self._get(
File "/usr/bin/
resp = urllib_
File "/usr/lib/
return opener.open(url, data, timeout)
File "/usr/lib/
response = meth(req, response)
File "/usr/lib/
response = self.parent.error(
File "/usr/lib/
return self._call_
File "/usr/lib/
result = func(*args)
File "/usr/lib/
raise HTTPError(
urllib.
Basic flow: obtain a session token with a PUT request
IMDSv2_TOKEN=$(curl -X PUT -H "X-aws-
IMDSv2_HEADER="-H X-aws-ec2-
Send the session token when querying
curl -fs $IMDSv2_HEADER http://
Oops. Didn't file the bug correctly.
I've looked into the locating the sources for the package / python script.
https:/ /git.launchpad. net/cloud- utils/tree/ bin/ec2metadata
Indeed this doesn't have support for IMDSv2 session tokens.
This github gist has support for it: /gist.github. com/fred- vogt/9c2e773fda cf12e71260c71e7 fd17e68
https:/
I'll submit a patch shortly.