Transition to IMDSv2 on EC2 - Introduction, Preparation, Pitfalls

Рет қаралды 6,847

cloudonaut

Күн бұрын

Пікірлер: 29

@ArvindKumar-m8l1m 7 ай бұрын

After 3 hours of wasting time, hop-limit=2 fixed the issue. Thank you so much for sharing.

@CoderManu 3 жыл бұрын

Very helpful video. Thanks for the explanation and pitfalls that we need to be aware of!

@ritesh46974 2 жыл бұрын

It's really informative 😀, Appreciate your efforts

@wilsonmusa4956 7 ай бұрын

Super very informative, thank you

@cloudonaut 7 ай бұрын

Thank you!

@mohamedsambo9210 9 ай бұрын

heavily awesome even after 2 years

@cloudonaut 9 ай бұрын

Thank you!

@jonasmellquist7140 2 жыл бұрын

Great video and content Michael, kudos. And thanks for sharing the max-hops detail, must have been really hard to find that root cause :)

@cloudonaut 2 жыл бұрын

yes, it was :)

@christianibiri 2 жыл бұрын

Another great video! love this channel

@cloudonaut 2 жыл бұрын

Thanks so much!

@ozilmatrix6334 Жыл бұрын

Great video!

@cloudonaut Жыл бұрын

Thanks a lot for the feedback!

@souravsharma3505 Жыл бұрын

very helpful video.

@cloudonaut Жыл бұрын

Thank you!

@MrGauravMittal 2 жыл бұрын

Really a great Video and gives us a lot of insight. Well one use case is missing here as below Steps: 1. Launch an Oracle Enterprise Linux EC2 instance via AWS EC2 Instance Portal, 2. In the Configuration page select IMDSv2(Only) and also have 2 interfaces selected. 3. When the Instance comes up and login we see that the eth0 has been assigned with an ip, but the eth1 does not have any ip. Does this have to do with cloud-init inside the VM, the version installed is 19.4 Any Pointers will be really helpful.

@cloudonaut 2 жыл бұрын

Sorry. We don't use Oracle Enterprise Linux. But maybe someone else does?

@MrGauravMittal 2 жыл бұрын

@@cloudonaut Sir this may not be related to the OS Image, but what we have seen is it does not work if we launch an instance from EC2 Portal. Any inputs to look in.

@gnadha123 2 жыл бұрын

Does there is alternative tool for IMDS in AWS ?

@cloudonaut 2 жыл бұрын

No, I'm not aware of an alternative.

@rubenortiz621 3 жыл бұрын

Hi Cloudonaut! Great video! One question, which is the best way to get the updates on what is the best practices for security? any AWS Blog? any other source? Thanks

@cloudonaut 3 жыл бұрын

Thanks for your kind words, Ruben. Besides cloudonaut.io we recommend to follow the AWS Security Blog (aws.amazon.com/blogs/security/).

@DeepakShaktivel 9 ай бұрын

If generating a token is the same procedure , then anyone can generate a token and use it? kindly explain me if i am wrong?

@cloudonaut 9 ай бұрын

Check out aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/ for details.

@carloseduardorodriguesdeal716 Жыл бұрын

how could i discover what scripts or api calls are made using version 1 in my ec2 instances?

@cloudonaut Жыл бұрын

That's a tough question. I do not have an answer to that.

@rathneshrao8774 2 жыл бұрын

I see EC2 per instance is making some api calls using metadatanotokens whics getting recorded in cloudwatch meterics how can fix that issue before updating to IMDSV2.

@cloudonaut 2 жыл бұрын

Updating the AWS CLI and all AWS SDKs might do the trick. Otherwise you have to hunt for calls to 169.254.169.254

@rathneshrao8774 2 жыл бұрын

@@cloudonaut Thanks for the reply