You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Title: Add support for IMDSv2 for AWS instance metadata calls
Description:
Currently the AWS credentials provider uses IMDSv1 (a request/response method) but IMDSv2 (a session-oriented method) is substantially more secure, as it prevents SSRF attacks on the metadata service.
Hi @mattklein123, happy new year! I am still working on removing libcurl usage. Got the http async client change to work with lambda & request signing filter extensions but I am blocked on the final part to get that change work with IAM gRPC plugin, which I am going to work on next.
Meanwhile, I though it is better to get this IMDSv2 support #24747 since this is a security feature and the change to remove libcurl might take some time to stabilize and be bug free.
I would like to get your review on the above PR. Thanks.
Title: Add support for IMDSv2 for AWS instance metadata calls
Description:
Currently the AWS credentials provider uses IMDSv1 (a request/response method) but IMDSv2 (a session-oriented method) is substantially more secure, as it prevents SSRF attacks on the metadata service.
Relevant Links:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html
cc @JuniorHsu @PeterL328 @fishcakez
The text was updated successfully, but these errors were encountered: