Check out the route53-helpers example for how to use these scripts with Packer and Terraform.
Installing bash-commons
bash-commons is a dependency of this script. You must first install it via the Gruntwork Installer. This script requires version v0.1.8 of bash-commons or newer.
The require-instance-metadata-service-version script has the following prerequisites:
It must be run on an EC2 instance
It requires that bash-commons version v0.1.8 or newer is installed on the EC2 Instance. See instructions above.
The EC2 instance must have an IAM role with permissions to modify the Instance Metadata service's options. See the
route53-helpers example) for a reference implementation.
The EC2 instance must have the AWS CLI (version 2.2.37 or higher), unzip and jq installed.
Run the require-instance-metadata-service-version script in the User Data of your EC2 instances, prior to any calls to the Instance Metadata Service to configure if you want 2.0 credentials to be required or optional.
Here is an example usage:
# Require that only IMDS version 2.0 be used, disabling version 1.0
require-instance-metadata-service-version --version-2-state 'required'
# Allow either IMDS 1.0 or 2.0 versions to be used
require-instance-metadata-service-version --version-2-state 'optional'
Example output:
Setting Instance Metadata Service version 2 state to required
{
"InstanceId": "i-002132f6f69e13b22",
"InstanceMetadataOptions": {
"State": "pending",
"HttpTokens": "required",
"HttpPutResponseHopLimit": 1,
"HttpEndpoint": "enabled",
"HttpProtocolIpv6": "disabled"
}
}
...
Setting Instance Metadata Service version 2 state to optional
{
"InstanceId": "i-002132f6f69e13b22",
"InstanceMetadataOptions": {
"State": "pending",
"HttpTokens": "optional",
"HttpPutResponseHopLimit": 1,
"HttpEndpoint": "enabled",
"HttpProtocolIpv6": "disabled"
}
}
Questions? Ask away.
We're here to talk about our services, answer any questions, give advice, or just to chat.
{"treedata":{"name":"root","toggled":true,"children":[{"name":".circleci","children":[{"name":"config.yml","path":".circleci/config.yml","sha":"edb2e1f7416276a2f1dcf8bc174bf805b235163c"}]},{"name":".gitignore","path":".gitignore","sha":"1b77db107bd9abb565bd5adafce570dd59adf016"},{"name":".pre-commit-config.yaml","path":".pre-commit-config.yaml","sha":"6c5b735f0db5a0b8d732e9fc612255e3f181d7d5"},{"name":"CODEOWNERS","path":"CODEOWNERS","sha":"555c0c6e23a7502acbef94fb0b77bfa759ba11e8"},{"name":"LICENSE.txt","path":"LICENSE.txt","sha":"f4e3d9bd4717a044ed31ad847a300eee74371a78"},{"name":"README.adoc","path":"README.adoc","sha":"c2288c93a58bebc4cf4c6f7ff7de1134fe8f0f6e"},{"name":"_docs","children":[{"name":"aws-ec2.png","path":"_docs/aws-ec2.png","sha":"861e17a7d1df585b37d10e3211f71f6a6e182115"},{"name":"single-ec2-instance-architecture.png","path":"_docs/single-ec2-instance-architecture.png","sha":"c44f7efdb936c53fc4988f286ddcf31be8a6fdc9"}]},{"name":"core-concepts.md","path":"core-concepts.md","sha":"74ee29b0f03ed842c70a271d1a58be0c61b1c358"},{"name":"examples","children":[{"name":"attach-eni","children":[{"name":"README.md","path":"examples/attach-eni/README.md","sha":"86ce148cc900ce48f3debc490ce771ff5cd9fded"},{"name":"main.tf","path":"examples/attach-eni/main.tf","sha":"97e8294ba1990b1c930810fd082317b5275c2e83"},{"name":"outputs.tf","path":"examples/attach-eni/outputs.tf","sha":"cf9472109a00b477ec4eb950e5b4e5ce9d21f4d1"},{"name":"packer","children":[{"name":"build.json","path":"examples/attach-eni/packer/build.json","sha":"c80651ff8b260e9edf73c8e8602d2e964575cebf"}]},{"name":"user-data","children":[{"name":"user-data-1.sh","path":"examples/attach-eni/user-data/user-data-1.sh","sha":"978ca952d47f3dcd84881deb3723614339edbd6f"},{"name":"user-data-2.sh","path":"examples/attach-eni/user-data/user-data-2.sh","sha":"898fd7a3c7179cc0c6d595b6ccbb4b92b1b2cedb"}]},{"name":"vars.tf","path":"examples/attach-eni/vars.tf","sha":"c8bd5aa7b155cf011bd03e3c6bf76a79fd1be4d5"}]},{"name":"bastion-host","children":[{"name":"README.md","path":"examples/bastion-host/README.md","sha":"0326f3c2c0707a3e2a67ffb6e002aec3eb30e1fa"},{"name":"main.tf","path":"examples/bastion-host/main.tf","sha":"86b9f77a4d50b5edee8837c579707ebc4d745820"},{"name":"outputs.tf","path":"examples/bastion-host/outputs.tf","sha":"5f0c2d739b9646c39e19bfd05cacb852c6080c0c"},{"name":"user-data.sh","path":"examples/bastion-host/user-data.sh","sha":"40484d6463cf88d4d5b174cbc3ca759548b9d788"},{"name":"vars.tf","path":"examples/bastion-host/vars.tf","sha":"cec5c3c5cc8041b2165059c3f8378a6415d72b3a"}]},{"name":"ec2-backup","children":[{"name":"README.md","path":"examples/ec2-backup/README.md","sha":"782667373dc4d7cf602fea0e05d6b78ed47d2c42"},{"name":"main.tf","path":"examples/ec2-backup/main.tf","sha":"a93b214edd82f1e36d0113d7727239c95e28bfac"},{"name":"outputs.tf","path":"examples/ec2-backup/outputs.tf","sha":"6023311f87f6757e60e5d47600095cbc6dce324a"},{"name":"variables.tf","path":"examples/ec2-backup/variables.tf","sha":"e6e9fa9520608ef0a5cc0aadc70d118775543b03"}]},{"name":"persistent-ebs-volume","children":[{"name":"README.md","path":"examples/persistent-ebs-volume/README.md","sha":"7acf321a8a3183bfe4d7187be94208ed281bcd66"},{"name":"main.tf","path":"examples/persistent-ebs-volume/main.tf","sha":"e38e758d9bb4d438633e840003478803e0a7cde8"},{"name":"outputs.tf","path":"examples/persistent-ebs-volume/outputs.tf","sha":"54f33c96b796373b12b9702f46d30a1c85043f65"},{"name":"packer","children":[{"name":"build.json","path":"examples/persistent-ebs-volume/packer/build.json","sha":"d9448a8beecb2b12a1e7ddfbb6ad59d9997988e9"}]},{"name":"user-data","children":[{"name":"user-data.sh","path":"examples/persistent-ebs-volume/user-data/user-data.sh","sha":"9c5d08f440596a978418d09aea275d8c0ffc16fb"}]},{"name":"vars.tf","path":"examples/persistent-ebs-volume/vars.tf","sha":"47a3c46579f095eaed913046ebd972edd7bb525e"}]},{"name":"route53-helpers","children":[{"name":"README.md","path":"examples/route53-helpers/README.md","sha":"6b212ee9299ea98770f423799c73583e617e07fa"},{"name":"main.tf","path":"examples/route53-helpers/main.tf","sha":"9c2307438841e137cd8de9e6885283c054290959"},{"name":"outputs.tf","path":"examples/route53-helpers/outputs.tf","sha":"4c3c3ccccf964155ffbce7546fcbc9ef6e886de6"},{"name":"packer","children":[{"name":"build.json","path":"examples/route53-helpers/packer/build.json","sha":"d36a48b043b3398dff52c286dd404f411054bacd"}]},{"name":"user-data","children":[{"name":"user-data.sh","path":"examples/route53-helpers/user-data/user-data.sh","sha":"fcd5070b46e6428d81dbb1e5ba5f4bef3b5b8c0c"}]},{"name":"vars.tf","path":"examples/route53-helpers/vars.tf","sha":"3c990b1e4ae4da54aac558cf24124e29cd362931"}]}]},{"name":"modules","children":[{"name":"attach-eni","children":[{"name":"README.md","path":"modules/attach-eni/README.md","sha":"5c32557105967e1b0e82f50fe693c12370e905cc"},{"name":"bin","children":[{"name":"attach-eni","path":"modules/attach-eni/bin/attach-eni","sha":"616849047aad575aca81659bbf45d99d72ec9e46"}]},{"name":"install.sh","path":"modules/attach-eni/install.sh","sha":"542cbd93ca08fd9cbe6f121f4d8fea2b1d76ca8b"}]},{"name":"disable-instance-metadata","children":[{"name":"README.md","path":"modules/disable-instance-metadata/README.md","sha":"eacec50007d78aec20335d85b05a9582200c9a66"},{"name":"bin","children":[{"name":"disable-instance-metadata","path":"modules/disable-instance-metadata/bin/disable-instance-metadata","sha":"a2b5e85b40225bc693a46978dd2ca2ea9406283f"}]},{"name":"install.sh","path":"modules/disable-instance-metadata/install.sh","sha":"bdce5d29adc4041375ffc9bf7eabb93a0059583c"}]},{"name":"ec2-backup","children":[{"name":"README.md","path":"modules/ec2-backup/README.md","sha":"e5f22ab6bdd9f34dacf71428bc04fef1d5415bad"},{"name":"main.tf","path":"modules/ec2-backup/main.tf","sha":"8153eee6c6285bdd67884372cc069a0cb4bf5fa8"},{"name":"outputs.tf","path":"modules/ec2-backup/outputs.tf","sha":"19b7bd464c3c0916e03bff6f4f2cf69b671041ed"},{"name":"variables.tf","path":"modules/ec2-backup/variables.tf","sha":"d590cf90b9a1060c9f003f64d82085d183c5e8f2"}]},{"name":"persistent-ebs-volume","children":[{"name":"README.md","path":"modules/persistent-ebs-volume/README.md","sha":"6d8c0c80d3e674fcda15a9a95a7fc2f4de7d6e9d"},{"name":"bin","children":[{"name":"mount-ebs-volume","path":"modules/persistent-ebs-volume/bin/mount-ebs-volume","sha":"1650101d5c5e7aeaa885bab9b80816b6417720e4"},{"name":"unmount-ebs-volume","path":"modules/persistent-ebs-volume/bin/unmount-ebs-volume","sha":"576ef38dc65ac1ef80c83b837efd6313bfd02741"}]},{"name":"install.sh","path":"modules/persistent-ebs-volume/install.sh","sha":"e0ce5862cd6975992dc011a6dfe94fdf14a9b607"}]},{"name":"require-instance-metadata-service-version","children":[{"name":"README.md","path":"modules/require-instance-metadata-service-version/README.md","sha":"e44bae312f899c7b88cb7745e0732cf71f28fe8e","toggled":true},{"name":"bin","children":[{"name":"require-instance-metadata-service-version","path":"modules/require-instance-metadata-service-version/bin/require-instance-metadata-service-version","sha":"49481dbbd668025409ae6e9fa7903276f3145948"}]},{"name":"install.sh","path":"modules/require-instance-metadata-service-version/install.sh","sha":"b819422b6cd7475666945112202fb71adbc6bb60"}],"toggled":true},{"name":"route53-helpers","children":[{"name":"README.md","path":"modules/route53-helpers/README.md","sha":"52d0b942bba658065589567e9c9d78c98b4ca028"},{"name":"bin","children":[{"name":"add-dns-a-record","path":"modules/route53-helpers/bin/add-dns-a-record","sha":"2fd418252934a48c78f910a739b5d681d1585941"}]},{"name":"install.sh","path":"modules/route53-helpers/install.sh","sha":"535ed35d64611c5f12e9924b3cb8df0a77180ab8"}]},{"name":"single-server","children":[{"name":"README.md","path":"modules/single-server/README.md","sha":"afcb5405b0aca7dd4438538ddfa3d87b79846b4a"},{"name":"main.tf","path":"modules/single-server/main.tf","sha":"a193962a8eafc7f64a9ac9e00faf3564f55499d5"},{"name":"outputs.tf","path":"modules/single-server/outputs.tf","sha":"e042d24d9e54a2df2011c736bfa462d9f1175be5"},{"name":"vars.tf","path":"modules/single-server/vars.tf","sha":"3d7a6911c59b3554cfa3699e7e58ae98c18dec2e"}]}],"toggled":true},{"name":"terraform-cloud-enterprise-private-module-registry-placeholder.tf","path":"terraform-cloud-enterprise-private-module-registry-placeholder.tf","sha":"ae586c0fe830819580e1009d41a9074f16e65bed"},{"name":"test","children":[{"name":"README.md","path":"test/README.md","sha":"ef26d3851db2fff0b36dfa61379724c0db9ff281"},{"name":"attach_eni_test.go","path":"test/attach_eni_test.go","sha":"6cff173ca858ec9765e837cdd7943489f1a0cc75"},{"name":"bastion_host_test.go","path":"test/bastion_host_test.go","sha":"f8d38f1cd893ef2097cababd4053bfd71710fa4d"},{"name":"ec2_backup_test.go","path":"test/ec2_backup_test.go","sha":"73ae620eb4bbec7771bfc614e676935956134e9d"},{"name":"go.mod","path":"test/go.mod","sha":"b275b1103e930e7ea7c08e9a3ca4a108f8efdee6"},{"name":"go.sum","path":"test/go.sum","sha":"76a7d496d54ca2743c46bd66a4ff7d260de9cb32"},{"name":"persistent_ebs_volume_test.go","path":"test/persistent_ebs_volume_test.go","sha":"ac3adb89e68c61e73b9cb31d179fefb13a404788"},{"name":"route53_helpers_test.go","path":"test/route53_helpers_test.go","sha":"6ab270f015bf4b8261278c8789a346159ee7eb9b"},{"name":"test_helpers.go","path":"test/test_helpers.go","sha":"16156727df11949125c635b75612ae6fa527df3d"},{"name":"validation","children":[{"name":"validate_all_modules_and_examples_test.go","path":"test/validation/validate_all_modules_and_examples_test.go","sha":"33d73c385b64c4fc870033e99427e683c31dc45a"}]}]}]},"detailsContent":"<h1 class=\"preview__body--title\" id=\"require-instance-metadata-service-version-script\">Require Instance Metadata Service version script</h1><div class=\"preview__body--border\"></div><p>This folder contains a script (<code>require-instance-metadata-service-version</code>) you can use to either:</p>\n<ol>\n<li>Allow access to both versions <code>1.0</code> and <code>2.0</code> of the Instance Metadata Service</li>\n<li>Disable version <code>1.0</code> of the Instance Metadata Service and require that version <code>2.0</code> be used</li>\n</ol>\n<p>Learn more at <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html\" class=\"preview__body--description--blue\" target=\"_blank\">the official AWS EC2 Instance Metadata Service documentation</a>.</p>\n<p>Check out the <a href=\"/repos/v0.14.0/module-server/examples/route53-helpers\" class=\"preview__body--description--blue\">route53-helpers example</a> for how to use these scripts with Packer and Terraform.</p>\n<h2 class=\"preview__body--subtitle\" id=\"installing-bash-commons\">Installing bash-commons</h2>\n<p><a href=\"/repos/bash-commons\" class=\"preview__body--description--blue\"><code>bash-commons</code></a> is a dependency of this script. You must first install it via the <a href=\"/repos/gruntwork-installer\" class=\"preview__body--description--blue\">Gruntwork Installer</a>. This script requires version <code>v0.1.8</code> of <code>bash-commons</code> or newer.</p>\n<pre><span class=\"hljs-string\">gruntwork-install </span><span class=\"hljs-built_in\">--module-name</span> <span class=\"hljs-string\">\"bash-commons\"</span> <span class=\"hljs-built_in\">--repo</span> <span class=\"hljs-string\">\"https://github.com/gruntwork-io/bash-commons\"</span> <span class=\"hljs-built_in\">--tag</span> <span class=\"hljs-string\">\"0.1.8\"</span>\n</pre>\n<h2 class=\"preview__body--subtitle\" id=\"installing-the-script\">Installing the script</h2>\n<p>You can install these scripts using the <a href=\"/repos/gruntwork-installer\" class=\"preview__body--description--blue\">Gruntwork Installer</a>:</p>\n<pre><span class=\"hljs-string\">gruntwork-install </span><span class=\"hljs-built_in\">--module-name</span> <span class=\"hljs-string\">\"require-instance-metadata-service-version\"</span> <span class=\"hljs-built_in\">--repo</span> <span class=\"hljs-string\">\"https://github.com/gruntwork-io/terraform-aws-server\"</span> <span class=\"hljs-built_in\">--tag</span> <span class=\"hljs-string\">\"0.13.3\"</span>\n</pre>\n<h2 class=\"preview__body--subtitle\" id=\"using-the-script\">Using the script</h2>\n<p>The <code>require-instance-metadata-service-version</code> script has the following prerequisites:</p>\n<ol>\n<li>It must be run on an EC2 instance</li>\n<li>It requires that <code>bash-commons</code> version <code>v0.1.8</code> or newer is installed on the EC2 Instance. See instructions above.</li>\n<li>The EC2 instance must have an IAM role with permissions to modify the Instance Metadata service's options. See the\n<a href=\"/repos/v0.14.0/module-server/examples/route53-helpers\" class=\"preview__body--description--blue\">route53-helpers example</a>) for a reference implementation.</li>\n<li>The EC2 instance must have the AWS CLI (version 2.2.37 or higher), unzip and jq installed.</li>\n</ol>\n<p>Run the <code>require-instance-metadata-service-version</code> script in the User Data of your EC2 instances, prior to any calls to the Instance Metadata Service to configure if you want <code>2.0</code> credentials to be <code>required</code> or <code>optional</code>.</p>\n<p>Here is an example usage:</p>\n<pre><span class=\"hljs-comment\"># Require that only IMDS version 2.0 be used, disabling version 1.0</span>\nrequire-instance-metadata-service-version --version-<span class=\"hljs-number\">2</span>-state 'required'\n\n<span class=\"hljs-comment\"># Allow either IMDS 1.0 or 2.0 versions to be used</span>\nrequire-instance-metadata-service-version --version-<span class=\"hljs-number\">2</span>-state 'optional'\n</pre>\n<p>Example output:</p>\n<pre>Setting<span class=\"hljs-built_in\"> Instance </span>Metadata<span class=\"hljs-built_in\"> Service </span>version 2 state <span class=\"hljs-keyword\">to</span> required\n{\n <span class=\"hljs-string\">\"InstanceId\"</span>: <span class=\"hljs-string\">\"i-002132f6f69e13b22\"</span>,\n <span class=\"hljs-string\">\"InstanceMetadataOptions\"</span>: {\n <span class=\"hljs-string\">\"State\"</span>: <span class=\"hljs-string\">\"pending\"</span>,\n <span class=\"hljs-string\">\"HttpTokens\"</span>: <span class=\"hljs-string\">\"required\"</span>,\n <span class=\"hljs-string\">\"HttpPutResponseHopLimit\"</span>: 1,\n <span class=\"hljs-string\">\"HttpEndpoint\"</span>: <span class=\"hljs-string\">\"enabled\"</span>,\n <span class=\"hljs-string\">\"HttpProtocolIpv6\"</span>: <span class=\"hljs-string\">\"disabled\"</span>\n }\n}\n\n<span class=\"hljs-built_in\">..</span>.\n\nSetting<span class=\"hljs-built_in\"> Instance </span>Metadata<span class=\"hljs-built_in\"> Service </span>version 2 state <span class=\"hljs-keyword\">to</span> optional\n{\n <span class=\"hljs-string\">\"InstanceId\"</span>: <span class=\"hljs-string\">\"i-002132f6f69e13b22\"</span>,\n <span class=\"hljs-string\">\"InstanceMetadataOptions\"</span>: {\n <span class=\"hljs-string\">\"State\"</span>: <span class=\"hljs-string\">\"pending\"</span>,\n <span class=\"hljs-string\">\"HttpTokens\"</span>: <span class=\"hljs-string\">\"optional\"</span>,\n <span class=\"hljs-string\">\"HttpPutResponseHopLimit\"</span>: 1,\n <span class=\"hljs-string\">\"HttpEndpoint\"</span>: <span class=\"hljs-string\">\"enabled\"</span>,\n <span class=\"hljs-string\">\"HttpProtocolIpv6\"</span>: <span class=\"hljs-string\">\"disabled\"</span>\n }\n}\n</pre>\n","repoName":"module-server","repoRef":"v0.13.7","serviceDescriptor":{"serviceName":"Single EC2 Instance","serviceRepoName":"module-server","serviceRepoOrg":"gruntwork-io","cloudProviders":["aws"],"description":"Run a single EC2 instance for stateless or stateful apps. Supports IAM roles, EBS volumes, ENIs, and EIPs.","imageUrl":"single-service.png","licenseType":"subscriber","technologies":["Terraform","Bash"],"compliance":[],"tags":[""]},"serviceCategoryName":"Server orchestration","fileName":"README.md","filePath":"/modules/require-instance-metadata-service-version","title":"Repo Browser: Single EC2 Instance","description":"Browse the repos in the Gruntwork Infrastructure as Code Library."}
.circleci
install.sh
