** Description changed:
AWS EC2 Metadata Service v2 uses session tokens:
+
+ $ ec2metadata
+ Traceback (most recent call last):
+ File "/usr/bin/ec2metadata", line 249, in <module>
+ main()
+ File "/usr/bin/ec2metadata", line 245, in main
+ display(metaopts, burl, prefix)
+ File "/usr/bin/ec2metadata", line 192, in display
+ value = m.get(metaopt)
+ File "/usr/bin/ec2metadata", line 177, in get
+ return self._get('meta-data/' + metaopt)
+ File "/usr/bin/ec2metadata", line 137, in _get
+ resp = urllib_request.urlopen(urllib_request.Request(url))
+ File "/usr/lib/python3.8/urllib/request.py", line 222, in urlopen
+ return opener.open(url, data, timeout)
+ File "/usr/lib/python3.8/urllib/request.py", line 531, in open
+ response = meth(req, response)
+ File "/usr/lib/python3.8/urllib/request.py", line 640, in http_response
+ response = self.parent.error(
+ File "/usr/lib/python3.8/urllib/request.py", line 569, in error
+ return self._call_chain(*args)
+ File "/usr/lib/python3.8/urllib/request.py", line 502, in _call_chain
+ result = func(*args)
+ File "/usr/lib/python3.8/urllib/request.py", line 649, in http_error_default
+ raise HTTPError(req.full_url, code, msg, hdrs, fp)
+ urllib.error.HTTPError: HTTP Error 401: Unauthorized
Basic flow: obtain a session token with a PUT request
IMDSv2_TOKEN=$(curl -X PUT -H "X-aws-ec2-metadata-token-ttl-seconds: 30" -sL
"http://169.254.169.254/latest/api/token";)
IMDSv2_HEADER="-H X-aws-ec2-metadata-token:${IMDSv2_TOKEN}"
Send the session token when querying
curl -fs $IMDSv2_HEADER http://169.254.169.254/latest/.../
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1882389
Title:
ec2metadata doesn't support AWS EC2 IMDSv2
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cloud-utils/+bug/1882389/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
