Public bug reported:

Last year, AWS released "IMDSv2" in an effort to protect customers
against some potentially severe information leaks related to
accidentally proxying this local data to the network. Details at
https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/

IMDSv2 makes use of a session-based protocol, requiring clients to first
retrieve a time-limited session token, and then to include that token
with subsequent requests.

Because the intended purpose of IMDSv2 is to provide an additional layer
of defense against network abuses, customers utilizing it may choose to
disable IMDSv1. Disabling IMDSv2 today causes fence_aws to fail.

** Affects: resource-agents (Ubuntu)
     Importance: Undecided
     Assignee: Lucas Kanashiro (lucaskanashiro)
         Status: Fix Released

** Affects: resource-agents (Ubuntu Bionic)
     Importance: Undecided
     Assignee: Lucas Kanashiro (lucaskanashiro)
         Status: In Progress

** Affects: resource-agents (Ubuntu Focal)
     Importance: Undecided
     Assignee: Lucas Kanashiro (lucaskanashiro)
         Status: In Progress

** Affects: resource-agents (Ubuntu Groovy)
     Importance: Undecided
     Assignee: Lucas Kanashiro (lucaskanashiro)
         Status: In Progress

** Also affects: resource-agents (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Also affects: resource-agents (Ubuntu Groovy)
   Importance: Undecided
       Status: New

** Also affects: resource-agents (Ubuntu Focal)
   Importance: Undecided
       Status: New

** Changed in: resource-agents (Ubuntu)
       Status: New => Fix Released

** Changed in: resource-agents (Ubuntu)
     Assignee: (unassigned) => Lucas Kanashiro (lucaskanashiro)

** Changed in: resource-agents (Ubuntu Bionic)
     Assignee: (unassigned) => Lucas Kanashiro (lucaskanashiro)

** Changed in: resource-agents (Ubuntu Focal)
     Assignee: (unassigned) => Lucas Kanashiro (lucaskanashiro)

** Changed in: resource-agents (Ubuntu Groovy)
     Assignee: (unassigned) => Lucas Kanashiro (lucaskanashiro)

** Changed in: resource-agents (Ubuntu Bionic)
       Status: New => In Progress

** Changed in: resource-agents (Ubuntu Focal)
       Status: New => In Progress

** Changed in: resource-agents (Ubuntu Groovy)
       Status: New => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1915203

Title:
  Backport AWS agent with IMDSv2 support

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/resource-agents/+bug/1915203/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
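
The session protocol described in the report, as an added example that is not part of the bug report and is not fence_aws or resource-agents code. The header names and the /latest/api/token path are the IMDSv2 ones; the local server, its 401 reply to token-less requests, and the instance id are constructed stand-ins so the exchange runs offline.

```python
import http.server, secrets, threading, time, urllib.error, urllib.request

TTL_HDR = "X-aws-ec2-metadata-token-ttl-seconds"
TOK_HDR = "X-aws-ec2-metadata-token"
# IMDS is link-local: never send these requests through an environment proxy.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

class FakeIMDS(http.server.BaseHTTPRequestHandler):
    """Constructed local stand-in for the metadata service, IMDSv1 disabled."""
    tokens = {}  # session token -> expiry (epoch seconds)
    def _reply(self, code, body=b""):
        self.send_response(code)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def do_PUT(self):  # step 1: issue a time-limited session token
        ttl = self.headers.get(TTL_HDR, "")
        if self.path != "/latest/api/token" or not ttl.isdigit():
            return self._reply(400)
        token = secrets.token_urlsafe(16)
        self.tokens[token] = time.time() + int(ttl)
        self._reply(200, token.encode())
    def do_GET(self):  # step 2: serve data only to a live token
        if self.tokens.get(self.headers.get(TOK_HDR, ""), 0) < time.time():
            return self._reply(401)  # what a token-less (v1-only) client sees
        self._reply(200, b"i-0123456789abcdef0")  # constructed instance id
    def log_message(self, *args): pass

def imds_get(base, path, use_v2=True, ttl=60):
    """Return (status, body); with use_v2, fetch a token first and send it."""
    headers = {}
    if use_v2:
        put = urllib.request.Request(base + "/latest/api/token", method="PUT",
                                     headers={TTL_HDR: str(ttl)})
        with OPENER.open(put, timeout=2) as resp:
            headers[TOK_HDR] = resp.read().decode()
    try:
        get = urllib.request.Request(base + path, headers=headers)
        with OPENER.open(get, timeout=2) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, ""

def demo():
    srv = http.server.HTTPServer(("127.0.0.1", 0), FakeIMDS)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    base, path = f"http://127.0.0.1:{srv.server_port}", "/latest/meta-data/instance-id"
    result = imds_get(base, path, use_v2=False), imds_get(base, path)
    srv.shutdown()
    return result  # (token-less request, token-bearing request)
```

Against this stand-in, demo() returns a 401 for the token-less request and the instance id for the token-bearing one.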
