Configure metadata_http_put_response_hop_limit for AWS Launch Configuration

[dcourvoi]

I have issues

I could not find a way to configure metadata_http_put_response_hop_limit when using worker_groups with this module. In the AWS Launch Configuration console, the option is available at creation time, under "Additional configuration - optional/Advanced details/Metadata response hop limit"

I'm submitting a...

• bug report
• feature request
• support request - read the FAQ first!
• kudos, thank you, warm fuzzy

What is the current behavior?

Cannot configure Metadata options like Metadata response hop limit for AWS Launch Configurations defined by worker_groups.

If this is a bug, how to reproduce? Please include a code sample if relevant.

Using a tf block like this, the metadata option is not applied:

module "eks" {
    source = "github.com/terraform-aws-modules/terraform-aws-eks?ref=v12.2.0"
    ...
    worker_groups = [
        {
          name                  = "blue"
          instance_type         = "t3.large"
          ...
          metadata_http_put_response_hop_limit = 2
        },
        ...
    ]
    ...
}

What's the expected behavior?

Worker_groups can also use metadata_http_endpoint, metadata_http_tokens, metadata_http_put_response_hop_limit

Are you able to fix this problem and submit a PR? Link here if you have already.

Environment details

• Affected module version:
• OS:
• Terraform version: 0.12.

Any other relevant info

[kseniyashaydurova]

We have the same problem that it is not available to set metadata_http_put_response_hop_limit for worker groups (launch configuration), but it works ok and sets for worker_groups_launch_template in the same manner.

Maybe for worker_groups metadata may be set in another manner?

Terraform: 0.13.5

[wdbasson]

Experiencing the same issue. Can't find metadata options for worker_groups.

Setting metadata_http_tokens is required for AWS Security Hub Foundational Security Best Practices v1.0.0 control EC2.8. The control fails if metadata_http_tokens isn't set to "required".

[euhn]

The newly released aws provider (3.23.0) now includes support for metadata_options in launch configurations, including http_put_response_hop_limit. This would make it fairly straightforward to include in this module as well.

[brenwhyte]

Same issue here, AquaSec and AWS Security Hub complains for each worker fired up so I'd love to see this fixed.

[alialperak]

I was looking for same thing and I saw metadata_http_put_response_hop_limit was already added here: #938

[euhn]

@alialperak it's been added for launch templates, but not for launch configurations.

[barryib]

This is now supported in v15.2.0

#1301

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.