AWS::EC2::Instance - MetadataOptions

[michaelwittig]

1. AWS::EC2::Instance-MetadataOptions

2. Scope of request

Add support to configure the EC2 IMDS to support:

• Enable/disable the endpoint
• Set the HTTP response hop limit
• Make HTTP tokens optional (default) or required (disables IMDSv1)

3. Expected behavior

Allow CloudFormation to launch EC2 instance with IMDS disabled or restricted to v2.

5. Helpful Links to speed up research and evaluation

• Description of IMDS: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
• create: MetadataOptions attribute of https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html
• update: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceMetadataOptions.html

6. Category

1. Compute (EC2, ECS, EKS, Lambda...)

7. Context

related #273 for for WS::AutoScaling::LaunchConfiguration

[0xdabbad00]

Looks like this is now possible via Launch Templates: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2-launchtemplate-launchtemplatedata-metadataoptions

[mildebrandt]

@0xdabbad00 Right, that has been true for quite a while. This issue is to add it to the AWS::EC2::Instance type: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html

[coreylane]

Any update?

[yoroto]

Any update?

[fortygigserver]

This would also be useful to set the feature "instance-metadata-tags" to enabled

[r-azh]

I agree this is a useful feature to set the feature "instance-metadata-tags" to enabled.

[kenlawrie1]

Hi, any update on this? Having to use launch templates to enable ImdsV2 on EC2 instance is causing us issues.
Launch template don't allow tags with spaces, and our SCP policies fail if we enforce both tags and ImdsV2 at the same time, hopefully when this CloudFormation limitation is resolved.