Kitchentest instance with IMDSv2

[raghavvidya]

Hello, Is there any option for running the Kitchen test with AWS metadata version 2(IMDVs2) ?

For more info about AWS IMDSv2
https://aws.amazon.com/about-aws/whats-new/2019/11/announcing-updates-amazon-ec2-instance-metadata-service/

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html

[tas50]

@raghavvidya Can you provide more information on what you're hoping to do with Test Kitchen and the AWS metadata version 2 and what you can't do at this point?

[TheSAS]

The question is how to pass this configuration into the kitchen:

  metadata_options {
    http_endpoint               = "enabled"
    http_tokens                 = "required"
    http_put_response_hop_limit = 1
  }

https://docs.aws.amazon.com/cli/latest/reference/ec2/run-instances.html (--metadata-options)

[fletchowns]

I am wondering this as well - organization has a requirement to enforce IMDSv2 on all EC2 instances but I'm not seeing a way to do that with instances generated by test-kitchen. Did anybody figure this out yet?

[chenwany]

Hi, our team is also using kitchen test. We detect that the instances launched have IMDSv1 calls, is there any timeline for kitchen to transition to AWS metadata version 2(IMDVs2)? It may potentially block customers who disable IMDSv1 for security consideration.