Uploaded image for project: 'Facter'
  1. Facter
  2. FACT-3042

Facter should retrieve EC2 metadata using IMDSv2 without requring user configuration

    XMLWordPrintable

Details

    • Improvement
    • Status: Resolved
    • Normal
    • Resolution: Fixed
    • FACT 4.0.47
    • FACT 4.2.1
    • None
    • Night's Watch
    • 2
    • NW - 2021-06-02
    • Enhancement
    • Hide
      Change the way Facter retrieves ec2_metadata by favoring IMDSv2 over IMDSv1. This is achieved by trying to retrieve an AWS token
      and add it to the X-aws-ec2-metadata-token header.
      If the token cannot be retrieved, IMDSv1 is used.
      Show
      Change the way Facter retrieves ec2_metadata by favoring IMDSv2 over IMDSv1. This is achieved by trying to retrieve an AWS token and add it to the X-aws-ec2-metadata-token header. If the token cannot be retrieved, IMDSv1 is used.
    • Needs Assessment

    Description

      FACT-2306 introduced support for v2 of the EC2 Instance Meta Data Service. However, this support has to be explicitly enabled by setting the AWS_IMDSv2 environment variable to true.

      The environment variable requirement creates two points of friction:

      • Using an environment variable instead of an entry in the Facter configuration makes it easy to get differing behavior depending on execution context. The environment that the puppet service receives is configured with a different set of files from that of a user shell which leads to inconsistent behavior.
      • Requiring an environment variable makes AWS instances with HttpTokens=required special in that they require post-installation configuration that existing installation methods, like the puppet_agent module or PE install scripts, do not automate.

      If possible, Facter should use IMDSv2 automatically when available. Otherwise, Facter should allow IMDSv2 to be controlled by a configuration setting.

      Attachments

        Issue Links

          relates to

          New Feature - A new feature of the product, which has yet to be developed. FACT-2306 Add support for AWS IMDSv2

          • Normal - Regular issue, some loss of functionality under specific circumstances.
          • Resolved
          mentioned in

          Page Loading...

          Activity

            People

              gheorghe.popescu Gheorghe Popescu
              chuck Charlie Sharpsteen
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Zendesk Support