yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1866290] [NEW] EC2: Do not retry on disabled IMDSv2 api/token route returning a 403

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Chad Smith <1866290@xxxxxxxxxxxxxxxxxx>
Date: Fri, 06 Mar 2020 02:36:43 -0000
Reply-to: Bug 1866290 <1866290@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

The Ec2 IMDSv2 latest/api/token route can be set as disabled and return
a 403 indefinitely for an instance.

When receiving any HTTP status codes >= 400 from IMDSv2 on AWS' Ec2
cloud, 2 minutes or retries on the api/token route will not result in a
successful Ec2 datasource detection.

Quickly fail Ec2 datasource detection to allow the instance to
potentially discover other DS types.

** Affects: cloud-init
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1866290

Title:
  EC2: Do not retry on disabled IMDSv2 api/token route returning a 403

Status in cloud-init:
  New

Bug description:
  The Ec2 IMDSv2 latest/api/token route can be set as disabled and
  return a 403 indefinitely for an instance.

  When receiving any HTTP status codes >= 400 from IMDSv2 on AWS' Ec2
  cloud, 2 minutes or retries on the api/token route will not result in
  a successful Ec2 datasource detection.

  Quickly fail Ec2 datasource detection to allow the instance to
  potentially discover other DS types.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1866290/+subscriptions

Follow ups

[Bug 1866290] Re: EC2: Do not retry on disabled IMDSv2 api/token route returning a 403
From: Chad Smith, 2020-03-06