projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
21585: Updates installer's Terraform code to require IMDSv2 on service nodes.
[arvados.git] / tools / salt-install / terraform / aws / services / main.tf
diff --git a/tools/salt-install/terraform/aws/services/main.tf b/tools/salt-install/terraform/aws/services/main.tf
index bdb2bdcc366aa53db51b67408c6ce48c5200f5d4..54e2fc412bc8b87883ab8fe83bfaab5b9230104a 100644 (file)
--- a/tools/salt-install/terraform/aws/services/main.tf
+++ b/tools/salt-install/terraform/aws/services/main.tf
@@ -67,7 +67,10 @@ resource "aws_instance" "arvados_service" {
     volume_type = "gp3"
     volume_size = try(var.instance_volume_size[each.value], var.instance_volume_size.default)
   }
-
+  metadata_options {
+    # Sets IMDSv2 to required. Default is "optional".
+    http_tokens = "required"
+  }
   lifecycle {
     ignore_changes = [
       # Avoids recreating the instance when the latest AMI changes.