From d9670b00095d4ec6e25309fae7f7c63bd96304e5 Mon Sep 17 00:00:00 2001
From: Ashish Dhingra <67916761+ashishdhingra@users.noreply.github.com>
Date: Thu, 20 Jun 2024 10:13:53 -0700
Subject: [PATCH] Added support for new command line parameter
--disable-imds-v1 to disable IMDSv1 for Elastic BeanStalk environments.
---
.../Amazon.ElasticBeanstalk.Tools.csproj | 2 +-
.../Commands/CommandProperties.cs | 4 +++
.../Commands/DeployEnvironmentCommand.cs | 25 ++++++++++++++++++-
.../EBDefinedCommandOptions.cs | 9 +++++++
4 files changed, 38 insertions(+), 2 deletions(-)
diff --git a/src/Amazon.ElasticBeanstalk.Tools/Amazon.ElasticBeanstalk.Tools.csproj b/src/Amazon.ElasticBeanstalk.Tools/Amazon.ElasticBeanstalk.Tools.csproj
index 3fd12ec..439724a 100644
--- a/src/Amazon.ElasticBeanstalk.Tools/Amazon.ElasticBeanstalk.Tools.csproj
+++ b/src/Amazon.ElasticBeanstalk.Tools/Amazon.ElasticBeanstalk.Tools.csproj
@@ -10,7 +10,7 @@
true
dotnet-eb
true
- 4.3.4
+ 4.4.0
dotnet-eb
Amazon Web Services
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
diff --git a/src/Amazon.ElasticBeanstalk.Tools/Commands/CommandProperties.cs b/src/Amazon.ElasticBeanstalk.Tools/Commands/CommandProperties.cs
index 8e864b2..f30cb65 100644
--- a/src/Amazon.ElasticBeanstalk.Tools/Commands/CommandProperties.cs
+++ b/src/Amazon.ElasticBeanstalk.Tools/Commands/CommandProperties.cs
@@ -19,6 +19,7 @@ public class DeployEnvironmentProperties
public string IISWebSite { get; set; }
public bool? WaitForUpdate { get; set; }
public bool? EnableXRay { get; set; }
+ public bool? DisableIMDSv1 { get; set; }
public Dictionary Tags { get; set; }
public Dictionary AdditionalOptions { get; set; }
@@ -92,6 +93,8 @@ internal void ParseCommandArguments(CommandOptions values)
this.LoadBalancerType = tuple.Item2.StringValue;
if ((tuple = values.FindCommandOption(EBDefinedCommandOptions.ARGUMENT_ENABLE_STICKY_SESSIONS.Switch)) != null)
this.EnableStickySessions = tuple.Item2.BoolValue;
+ if ((tuple = values.FindCommandOption(EBDefinedCommandOptions.ARGUMENT_DISABLE_IMDS_V1.Switch)) != null)
+ this.DisableIMDSv1 = tuple.Item2.BoolValue;
if ((tuple = values.FindCommandOption(EBDefinedCommandOptions.ARGUMENT_PROXY_SERVER.Switch)) != null)
this.ProxyServer = tuple.Item2.StringValue;
@@ -119,6 +122,7 @@ internal void PersistSettings(EBBaseCommand command, JsonData data)
data.SetIfNotNull(EBDefinedCommandOptions.ARGUMENT_ENVIRONMENT_TYPE.ConfigFileKey, command.GetStringValueOrDefault(this.EnvironmentType, EBDefinedCommandOptions.ARGUMENT_ENVIRONMENT_TYPE, false));
data.SetIfNotNull(EBDefinedCommandOptions.ARGUMENT_LOADBALANCER_TYPE.ConfigFileKey, command.GetStringValueOrDefault(this.LoadBalancerType, EBDefinedCommandOptions.ARGUMENT_LOADBALANCER_TYPE, false));
data.SetIfNotNull(EBDefinedCommandOptions.ARGUMENT_ENABLE_STICKY_SESSIONS.ConfigFileKey, command.GetBoolValueOrDefault(this.EnableStickySessions, EBDefinedCommandOptions.ARGUMENT_ENABLE_STICKY_SESSIONS, false));
+ data.SetIfNotNull(EBDefinedCommandOptions.ARGUMENT_DISABLE_IMDS_V1.ConfigFileKey, command.GetBoolValueOrDefault(this.DisableIMDSv1, EBDefinedCommandOptions.ARGUMENT_DISABLE_IMDS_V1, false));
data.SetIfNotNull(EBDefinedCommandOptions.ARGUMENT_CNAME_PREFIX.ConfigFileKey, command.GetStringValueOrDefault(this.CNamePrefix, EBDefinedCommandOptions.ARGUMENT_CNAME_PREFIX, false));
data.SetIfNotNull(EBDefinedCommandOptions.ARGUMENT_INSTANCE_TYPE.ConfigFileKey, command.GetStringValueOrDefault(this.InstanceType, EBDefinedCommandOptions.ARGUMENT_INSTANCE_TYPE, false));
data.SetIfNotNull(EBDefinedCommandOptions.ARGUMENT_EC2_KEYPAIR.ConfigFileKey, command.GetStringValueOrDefault(this.EC2KeyPair, EBDefinedCommandOptions.ARGUMENT_EC2_KEYPAIR, false));
diff --git a/src/Amazon.ElasticBeanstalk.Tools/Commands/DeployEnvironmentCommand.cs b/src/Amazon.ElasticBeanstalk.Tools/Commands/DeployEnvironmentCommand.cs
index f9539ba..a7f6b38 100644
--- a/src/Amazon.ElasticBeanstalk.Tools/Commands/DeployEnvironmentCommand.cs
+++ b/src/Amazon.ElasticBeanstalk.Tools/Commands/DeployEnvironmentCommand.cs
@@ -40,6 +40,7 @@ public class DeployEnvironmentCommand : EBBaseCommand
EBDefinedCommandOptions.ARGUMENT_INSTANCE_TYPE,
EBDefinedCommandOptions.ARGUMENT_HEALTH_CHECK_URL,
EBDefinedCommandOptions.ARGUMENT_ENABLE_XRAY,
+ EBDefinedCommandOptions.ARGUMENT_DISABLE_IMDS_V1,
EBDefinedCommandOptions.ARGUMENT_ENHANCED_HEALTH_TYPE,
EBDefinedCommandOptions.ARGUMENT_INSTANCE_PROFILE,
EBDefinedCommandOptions.ARGUMENT_SERVICE_ROLE,
@@ -59,6 +60,9 @@ public class DeployEnvironmentCommand : EBBaseCommand
const string OPTIONS_NAME_PROXY_SERVER = "ProxyServer";
const string OPTIONS_NAME_APPLICATION_PORT = "PORT";
+ const string OPTIONS_NAMESPACE_DISABLE_IMDS_V1 = "aws:autoscaling:launchconfiguration";
+ const string OPTIONS_NAME_DISABLE_IMDS_V1 = "DisableIMDSv1";
+
public string Package { get; set; }
public DeployEnvironmentProperties DeployEnvironmentOptions { get; } = new DeployEnvironmentProperties();
@@ -415,7 +419,6 @@ private async Task CreateEnvironment(string application, string environm
Value = loadBalancerType
});
}
-
AddAdditionalOptions(createRequest.OptionSettings, true, isWindowsEnvironment);
@@ -456,6 +459,26 @@ private void AddAdditionalOptions(IList settings, bo
}
}
+ var disableIMDSv1 = this.GetBoolValueOrDefault(this.DeployEnvironmentOptions.DisableIMDSv1, EBDefinedCommandOptions.ARGUMENT_DISABLE_IMDS_V1, false);
+ if (disableIMDSv1.HasValue)
+ {
+ var existingSetting = settings.FirstOrDefault(s => s.Namespace == OPTIONS_NAMESPACE_DISABLE_IMDS_V1 && s.OptionName == OPTIONS_NAME_DISABLE_IMDS_V1);
+
+ if (existingSetting != null)
+ {
+ existingSetting.Value = disableIMDSv1.Value.ToString(CultureInfo.InvariantCulture).ToLowerInvariant();
+ }
+ else
+ {
+ settings.Add(new ConfigurationOptionSetting()
+ {
+ Namespace = OPTIONS_NAMESPACE_DISABLE_IMDS_V1,
+ OptionName = OPTIONS_NAME_DISABLE_IMDS_V1,
+ Value = disableIMDSv1.Value.ToString(CultureInfo.InvariantCulture).ToLowerInvariant()
+ });
+ }
+ }
+
var enableXRay = this.GetBoolValueOrDefault(this.DeployEnvironmentOptions.EnableXRay, EBDefinedCommandOptions.ARGUMENT_ENABLE_XRAY, false);
if(enableXRay.HasValue)
{
diff --git a/src/Amazon.ElasticBeanstalk.Tools/EBDefinedCommandOptions.cs b/src/Amazon.ElasticBeanstalk.Tools/EBDefinedCommandOptions.cs
index bbff093..411c380 100644
--- a/src/Amazon.ElasticBeanstalk.Tools/EBDefinedCommandOptions.cs
+++ b/src/Amazon.ElasticBeanstalk.Tools/EBDefinedCommandOptions.cs
@@ -205,5 +205,14 @@ public class EBDefinedCommandOptions
ValueType = CommandOption.CommandOptionValueType.IntValue,
Description = $"The application port that will be redirect to port 80. The default is port {EBConstants.DEFAULT_APPLICATION_PORT}."
};
+
+ public static readonly CommandOption ARGUMENT_DISABLE_IMDS_V1 =
+ new CommandOption
+ {
+ Name = "Disable IMDSv1",
+ Switch = "--disable-imds-v1",
+ ValueType = CommandOption.CommandOptionValueType.BoolValue,
+ Description = "If set to true then the IMDSv1 will be disabled on EC2 instances running the application."
+ };
}
}