Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this PR do?
Add instance metadata service v2 (IMDS v2) support.
AWS official documentation : https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html
The agent will still rely on IMDS v1 first. It will do IMDS v2 request only if unauthenticated (IMDS v1) requests fail, thus the actual agent behaviour will only change if IMDS v1 is explicitly disabled, ensuring compatibility with existing deployments.
Motivation
Properly support EC2 instances with IMDSv1 disabled.
Additional Notes
Tests captured on an EC2 live instance with an agent development build :
Request without token on an IMDSv2 only instance :
Token request (PUT):
Request to metadata with token: