From 694e0ac2e3e4f74ea295bfab4005de7d3170dcb3 Mon Sep 17 00:00:00 2001 From: Allison Larson Date: Wed, 20 Aug 2025 14:47:43 -0700 Subject: [PATCH] Require IMDSv2 for e2e EC2 instances (#26585) Re-enables this now that go-discover is updated in all the right places. --- e2e/terraform/provision-infra/compute.tf | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/e2e/terraform/provision-infra/compute.tf b/e2e/terraform/provision-infra/compute.tf index 97d8deea3..29728d76c 100644 --- a/e2e/terraform/provision-infra/compute.tf +++ b/e2e/terraform/provision-infra/compute.tf @@ -14,6 +14,10 @@ resource "aws_instance" "server" { count = var.server_count iam_instance_profile = data.aws_iam_instance_profile.nomad_e2e_cluster.name availability_zone = var.availability_zone + metadata_options { + http_endpoint = "enabled" + http_tokens = "required" + } # Instance tags tags = { @@ -31,6 +35,10 @@ resource "aws_instance" "client_ubuntu_jammy" { count = var.client_count_linux iam_instance_profile = data.aws_iam_instance_profile.nomad_e2e_cluster.name availability_zone = var.availability_zone + metadata_options { + http_endpoint = "enabled" + http_tokens = "required" + } # Instance tags tags = { @@ -51,6 +59,10 @@ resource "aws_instance" "client_windows_2022" { count = var.client_count_windows_2022 iam_instance_profile = data.aws_iam_instance_profile.nomad_e2e_cluster.name availability_zone = var.availability_zone + metadata_options { + http_endpoint = "enabled" + http_tokens = "required" + } user_data = file("${path.module}/userdata/windows-2022.ps1") @@ -70,6 +82,10 @@ resource "aws_instance" "consul_server" { vpc_security_group_ids = [aws_security_group.consul_server.id] iam_instance_profile = data.aws_iam_instance_profile.nomad_e2e_cluster.name availability_zone = var.availability_zone + metadata_options { + http_endpoint = "enabled" + http_tokens = "required" + } # Instance tags tags = {