The IMDSv2 endpoint with `serve` is good, but the ECS credential endpoint is better as it is authenticated with a token that must be provided separately to the credential consumer. In addition to making the HTTP endpoint serving the credentials more secure, it also helps if you're running more than one endpoint: you can ensure each credential consumer is talking to the correct credential endpoint.
However, I would not recommend actually implementing support until this issue with the SDKs is resolved, where IMDSv2 can be used to provide host credentials to running containers but ECS credentialing is prevented: aws/aws-sdk#562
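The token check described in the issue above, as an added example that is not part of the original issue or of the project's code: a loopback credential endpoint that only answers callers presenting its own token, which the AWS SDK container credential provider reads from `AWS_CONTAINER_AUTHORIZATION_TOKEN` and sends in the `Authorization` header. The names `respond`, `make_handler` and `SAMPLE_CREDS` are hypothetical, and the credential values are constructed placeholders.

```python
import hmac
import json
import secrets
from datetime import datetime, timedelta, timezone
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed placeholders; a real server would return short-lived STS values.
SAMPLE_CREDS = {
    "AccessKeyId": "ASIAEXAMPLEEXAMPLE00",
    "SecretAccessKey": "constructed-secret-not-real",
    "Token": "constructed-session-token",
}


def respond(auth_header, expected_token):
    """Return (status, body) for one credential request."""
    # The SDK sends the token value verbatim, so compare it in constant time.
    if not auth_header or not hmac.compare_digest(
        auth_header.encode(), expected_token.encode()
    ):
        # Missing or wrong token: the caller was not given this endpoint's secret.
        return 403, json.dumps({"message": "invalid authorization token"}).encode()
    expiry = datetime.now(timezone.utc) + timedelta(minutes=15)
    body = dict(SAMPLE_CREDS, Expiration=expiry.strftime("%Y-%m-%dT%H:%M:%SZ"))
    return 200, json.dumps(body).encode()


def make_handler(expected_token):
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            status, body = respond(self.headers.get("Authorization"), expected_token)
            self.send_response(status)
            self.send_header("Content-Type", "application/json")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

    return Handler


if __name__ == "__main__":
    token = secrets.token_urlsafe(32)  # one fresh token per endpoint instance
    server = HTTPServer(("127.0.0.1", 0), make_handler(token))  # loopback only
    port = server.server_port
    print(f"export AWS_CONTAINER_CREDENTIALS_FULL_URI=http://127.0.0.1:{port}/")
    print(f"export AWS_CONTAINER_AUTHORIZATION_TOKEN={token}")
    server.serve_forever()
```

With one token per endpoint, a consumer configured for a different endpoint gets a 403 instead of another role's credentials.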