wip: enforce IMDSv2
Signed-off-by: Damien Duportal <damien.duportal@gmail.com>
dduportal committed Dec 19, 2024
1 parent 8e3ccb4 commit c5a99f1
Showing 1 changed file with 8 additions and 1 deletion.
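--- a/sources.pkr.hcl
+++ b/sources.pkr.hcl
@@ -15,7 +15,14 @@ source "amazon-ebs" "base" {
 volume_type = "gp3"
 }
 
-imds_support = "v2.0" # https://aws.amazon.com/blogs/security/get-the-full-benefits-of-imdsv2-and-disable-imdsv1-across-your-aws-infrastructure/
+# Enforce IMDS v2 as per https://aws.amazon.com/blogs/security/get-the-full-benefits-of-imdsv2-and-disable-imdsv1-across-your-aws-infrastructure/
+imds_support = "v2.0"
+metadata_options {
+http_endpoint = "enabled"
+http_tokens = "required"
+http_put_response_hop_limit = 1 # Do not allow access to IMDS through NAT-ed containers
+instance_metadata_tags = "disabled"
+}
 
 # Where to export the AMI
 ami_regions = [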
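Review bot: The new `metadata_options` block hardens only the temporary instance Packer launches for the build, so `http_put_response_hop_limit = 1` and its comment about NAT-ed containers do not carry over to instances started from the resulting AMI. Only `imds_support = "v2.0"` is recorded on the image, and as far as I know instances launched from such an AMI default to required tokens with a hop limit of 2 unless their launch template or run configuration sets a lower one. I would make the scope explicit above the block, for example `# metadata_options applies to the Packer build instance only; consumers of the AMI must set their own hop limit at launch`, so nobody reads this as a guarantee for downstream instances. It is also worth confirming that no provisioner in the build runs a container that needs IMDS, since a hop limit of 1 would block it. The `source "amazon-ebs" "base"` block starts and ends outside this hunk, so other settings may already cover part of this.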
