chore: add http token configure option to clients

weka · Sep 30, 2024 · 00adf37 · 00adf37
1 parent 6ec5b40
commit 00adf37
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 2 deletions.
diff --git a/clients.tf b/clients.tf
@@ -28,5 +28,6 @@ module "clients" {
   custom_data                  = var.clients_custom_data
   arch                         = var.client_arch
   capacity_reservation_id      = var.client_capacity_reservation_id
+  metadata_http_tokens         = var.metadata_http_tokens
   depends_on                   = [aws_autoscaling_group.autoscaling_group, module.network]
 }
diff --git a/modules/clients/init.sh b/modules/clients/init.sh
@@ -63,7 +63,7 @@ region=${region}
 subnet_id=${subnet_id}
 additional_nics_num=${additional_nics_num}
 
-instance_type=$(curl -s http://169.254.169.254/latest/meta-data/instance-type)
+instance_type=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/meta-data/instance-type)
 max_network_cards=$(aws ec2 describe-instance-types --region $region --instance-types $instance_type --query "InstanceTypes[0].NetworkInfo.MaximumNetworkCards" --output text)
 
 counter=0

diff --git a/modules/clients/main.tf b/modules/clients/main.tf
@@ -92,7 +92,7 @@ resource "aws_launch_template" "this" {
 
   metadata_options {
     http_endpoint               = "enabled"
-    http_tokens                 = "optional" #required
+    http_tokens                 = var.metadata_http_tokens
     http_put_response_hop_limit = 1
     instance_metadata_tags      = "enabled"
   }

diff --git a/modules/clients/variables.tf b/modules/clients/variables.tf
@@ -161,3 +161,9 @@ variable "capacity_reservation_id" {
   default     = null
   description = "The ID of the capacity reservation in which to run the clients"
 }
+
+variable "metadata_http_tokens" {
+  type        = string
+  default     = "required"
+  description = "Whether or not the metadata service requires session tokens, also referred to as Instance Metadata Service Version 2 (IMDSv2)"
+}