
Bug#952563: src:cloud-utils: ec2metadata does not speak EC2 IMDSv2

Package: src:cloud-utils
Version: 0.31-1
Severity: important

The ec2metadata command queries a well-known link-local endpoint
( in Amazon EC2) to obtain information about the instance
on which it runs.  Last year, AWS released "IMDSv2" in an effort to
protect customers against some potentially severe information leaks
related to accidentally proxying this local data to the network.  Details

IMDSv2 makes use of a session-based protocol, requiring clients to first
retrieve a time-limited session token, and then to include that token with
subsequent requests.

Because the intended purpose of IMDSv2 is to provide an additional layer
of defense against network abuses, customers utilizing it may choose to
disable IMDSv1.  It's important that we facilitate this use case by
supporting IMDSv2 wherever possible.  We should work to add this support
in both bullseye and buster (and potentially stretch if feasible).
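
The session flow described in the report, as an added example that is not part of the original report or of cloud-utils: a client that fetches a token with PUT and then sends it on each metadata GET. The loopback mock server, its token, and the instance ID are constructed so the example runs offline; the mock is assumed to behave like an endpoint with IMDSv1 disabled.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN_PATH = "/latest/api/token"
TTL_HDR = "X-aws-ec2-metadata-token-ttl-seconds"  # sent on the PUT
TOKEN_HDR = "X-aws-ec2-metadata-token"            # sent on every GET
# Never route metadata requests through a proxy taken from the environment.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

class MockIMDS(BaseHTTPRequestHandler):
    """Constructed stand-in for a metadata endpoint with IMDSv1 disabled."""
    token = "constructed-session-token"
    def _send(self, code, body=b""):
        self.send_response(code)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def do_PUT(self):  # token issuance requires the TTL header
        ok = self.path == TOKEN_PATH and self.headers.get(TTL_HDR, "").isdigit()
        self._send(*((200, self.token.encode()) if ok else (400,)))
    def do_GET(self):  # a GET without a valid token is refused
        ok = self.headers.get(TOKEN_HDR) == self.token
        self._send(*((200, b"i-0123456789abcdef0") if ok else (401,)))
    def log_message(self, *args):  # keep the demo quiet
        pass

def get_token(base, ttl=21600):
    """Step 1: obtain a time-limited session token."""
    req = urllib.request.Request(base + TOKEN_PATH, method="PUT", headers={TTL_HDR: str(ttl)})
    with OPENER.open(req, timeout=2) as resp:
        return resp.read().decode()

def get_metadata(base, path, token=None):
    """Step 2: read metadata; token=None reproduces an IMDSv1-style request."""
    headers = {TOKEN_HDR: token} if token else {}
    req = urllib.request.Request(f"{base}/latest/meta-data/{path}", headers=headers)
    try:
        with OPENER.open(req, timeout=2) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, ""

def demo():
    """Run both request styles against the mock; on EC2 base is http://169.254.169.254."""
    srv = HTTPServer(("127.0.0.1", 0), MockIMDS)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{srv.server_port}"
    try:
        return get_metadata(base, "instance-id"), get_metadata(base, "instance-id", get_token(base))
    finally:
        srv.shutdown()
        srv.server_close()
```

A client that only issues the tokenless GET sees the 401 branch once IMDSv1 is disabled, which is the failure this report describes for ec2metadata.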

