[FACT-2306] Add support for AWS IMDSv2 - Puppet Tickets

XML

Word

Printable

Details

Type: New Feature
Status: Resolved
Priority: Normal
Resolution: Fixed
Affects Version/s: None
Fix Version/s: FACT 4.0.47
Component/s: Facter 4
Labels:
- doc_reviewed
- platform_7.1

Team:
Night's Watch
Sub-team:
- ghost
Story Points:
3
Sprint:
ghost-11.11, ghost 25.11, ghost-2.12, ghost-9.12

Release Notes:
New Feature
Release Notes Summary:

Hide
Updated EC2 fact to be able to use IMDSv2 to authenticate. To use v2, you need to set AWS_IMDSv2 environment variable to true.
Note: the token is cached for a maximum of 100 seconds.

Show
Updated EC2 fact to be able to use IMDSv2 to authenticate. To use v2, you need to set AWS_IMDSv2 environment variable to true. Note: the token is cached for a maximum of 100 seconds.

QA Risk Assessment:
Needs Assessment

Description

Amazon recently released version 2 of their instance metadata service. The new service is session-oriented rather than a simple request/response HTTP call, and was created in response to recent security breaches.

Facter currently only seems to support version 1 of the metadata service for the ec2_metadata and ec2_userdata facts, making it difficult for Puppet users in high-security environments to transition to version 2 of the service.

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html

Attachments

Issue Links

relates to

FACT-2904 Port AWS IDMSv2 to facter 3.x

Resolved

FACT-3042 Facter should retrieve EC2 metadata using IMDSv2 without requring user configuration

Resolved

Activity

People

Assignee:: Sebastian Miclea

Reporter:: Bryan Woolsey

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2020/01/21 9:13 AM

Updated:: 2021/05/17 1:37 PM

Resolved:: 2020/12/10 8:02 AM