From 00adf37b81a2554dddf3be7582de733ef497484d Mon Sep 17 00:00:00 2001
From: Assaf Giladi
Date: Mon, 30 Sep 2024 17:04:36 +0300
Subject: [PATCH 1/2] chore: add http token configure option to clients

---
 clients.tf | 1 +
 modules/clients/init.sh | 2 +-
 modules/clients/main.tf | 2 +-
 modules/clients/variables.tf | 6 ++++++
 4 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/clients.tf b/clients.tf
index 2fc69ec9..4909e649 100644
--- a/clients.tf
+++ b/clients.tf
@@ -28,5 +28,6 @@ module "clients" {
 custom_data = var.clients_custom_data
 arch = var.client_arch
 capacity_reservation_id = var.client_capacity_reservation_id
+metadata_http_tokens = var.metadata_http_tokens
 depends_on = [aws_autoscaling_group.autoscaling_group, module.network]
 }
diff --git a/modules/clients/init.sh b/modules/clients/init.sh
index 1513292f..8308eb90 100644
--- a/modules/clients/init.sh
+++ b/modules/clients/init.sh
@@ -63,7 +63,7 @@ region=${region}
 subnet_id=${subnet_id}
 additional_nics_num=${additional_nics_num}
 
-instance_type=$(curl -s http://169.254.169.254/latest/meta-data/instance-type)
+instance_type=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/meta-data/instance-type)
 max_network_cards=$(aws ec2 describe-instance-types --region $region --instance-types $instance_type --query "InstanceTypes[0].NetworkInfo.MaximumNetworkCards" --output text)
 
 counter=0
diff --git a/modules/clients/main.tf b/modules/clients/main.tf
index 50b75bae..bd703fc7 100644
--- a/modules/clients/main.tf
+++ b/modules/clients/main.tf
@@ -92,7 +92,7 @@ resource "aws_launch_template" "this" {
 
 metadata_options {
 http_endpoint = "enabled"
-http_tokens = "optional" #required
+http_tokens = var.metadata_http_tokens
 http_put_response_hop_limit = 1
 instance_metadata_tags = "enabled"
 }
diff --git a/modules/clients/variables.tf b/modules/clients/variables.tf
index 942ae9f8..1992aed5 100644
--- a/modules/clients/variables.tf
+++ b/modules/clients/variables.tf
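Review bot: The added `metadata_http_tokens = var.metadata_http_tokens` line in clients.tf reads a root-module variable, but the diffstat shows no change to the root variables file, so unless that variable was already declared before this commit the root module will fail validation with an undeclared-variable error. Please confirm it exists and that its default matches the module's `"required"` so the two declarations do not drift apart.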
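Review bot: The new `instance_type=` line in init.sh sends `$TOKEN`, but nothing in this hunk obtains it; unless an earlier part of the script (outside the hunk) does a PUT to `/latest/api/token` with the `X-aws-ec2-metadata-token-ttl-seconds` header, the header goes out empty and, with the module default now `http_tokens = "required"`, IMDS answers 401, `instance_type` is empty and the `describe-instance-types` call on the next line fails. Replacing `-s` with `-v` also writes curl's verbose trace, including the session-token header value, to stderr, which for a bootstrap script typically lands in cloud-init logs; a short-lived token in logs is still a credential in logs. Suggested replacement for the one changed line: `TOKEN=$(curl -sS -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 300")` followed by `instance_type=$(curl -sS -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/instance-type)`. If init.sh is rendered with templatefile (the `${region}` references suggest it), `$TOKEN` without braces passes through literally, so no `$$` escaping is needed.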
@@ -161,3 +161,9 @@ variable "capacity_reservation_id" {
 default = null
 description = "The ID of the capacity reservation in which to run the clients"
 }
+
+variable "metadata_http_tokens" {
+type = string
+default = "required"
+description = "Whether or not the metadata service requires session tokens, also referred to as Instance Metadata Service Version 2 (IMDSv2)"
+}

From 45ab48776ba87c7d6a7e0bafc398bb20ddc64d17 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Mon, 30 Sep 2024 17:42:45 +0000
Subject: [PATCH 2/2] terraform-docs: automated action

---
 modules/clients/README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/clients/README.md b/modules/clients/README.md
index 7ebd9feb..1c34b243 100644
--- a/modules/clients/README.md
+++ b/modules/clients/README.md
@@ -59,6 +59,7 @@ No modules.
 | [instance\_iam\_profile\_arn](#input\_instance\_iam\_profile\_arn) | Instance IAM profile ARN | `string` | n/a | yes |
 | [instance\_type](#input\_instance\_type) | The virtual machine type (sku) to deploy | `string` | n/a | yes |
 | [key\_pair\_name](#input\_key\_pair\_name) | Ssh key pair name to pass to the instances. | `string` | n/a | yes |
+| [metadata\_http\_tokens](#input\_metadata\_http\_tokens) | Whether or not the metadata service requires session tokens, also referred to as Instance Metadata Service Version 2 (IMDSv2) | `string` | `"required"` | no |
 | [placement\_group\_name](#input\_placement\_group\_name) | Placement group name | `string` | `null` | no |
 | [proxy\_url](#input\_proxy\_url) | Weka proxy url | `string` | `""` | no |
 | [sg\_ids](#input\_sg\_ids) | Security group ids | `list(string)` | `[]` | no |
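Review bot: The new `metadata_http_tokens` variable is typed only as `string`, so a typo such as `"require"` is not caught at plan time and only surfaces when the launch template is applied, while the AWS argument accepts exactly `optional` or `required`. A `validation` block on the variable reports the mistake at `terraform validate`/`plan` instead. It would also help to extend the description with one sentence saying that `required` enforces IMDSv2 on the clients (the recommended setting, since it keeps instance-role credentials behind a session token) and that `optional` should only be chosen for software that cannot yet send the token header.
```hcl
variable "metadata_http_tokens" {
  # … unchanged: type / default / description …

  validation {
    condition     = contains(["optional", "required"], var.metadata_http_tokens)
    error_message = "metadata_http_tokens must be \"optional\" or \"required\"."
  }
}
```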