projects / arvados.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6b9cb67)
21585: Updates installer's Terraform code to require IMDSv2 on service nodes. 21585-installer-imdsv2
authorLucas Di Pentima <lucas.dipentima@curii.com>
Wed, 13 Mar 2024 17:45:30 +0000 (14:45 -0300)
committerLucas Di Pentima <lucas.dipentima@curii.com>
Wed, 13 Mar 2024 17:45:30 +0000 (14:45 -0300)
Applying this change to an already working cluster won't recreate any resource,
just change the settings in place.

Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima@curii.com>

tools/salt-install/terraform/aws/services/main.tf patch | blob | history

diff --git a/tools/salt-install/terraform/aws/services/main.tf b/tools/salt-install/terraform/aws/services/main.tf
index bdb2bdcc366aa53db51b67408c6ce48c5200f5d4..54e2fc412bc8b87883ab8fe83bfaab5b9230104a 100644 (file)
--- a/tools/salt-install/terraform/aws/services/main.tf
+++ b/tools/salt-install/terraform/aws/services/main.tf
@@ -67,7 +67,10 @@ resource "aws_instance" "arvados_service" {
     volume_type = "gp3"
     volume_size = try(var.instance_volume_size[each.value], var.instance_volume_size.default)
   }
-
+  metadata_options {
+    # Sets IMDSv2 to required. Default is "optional".
+    http_tokens = "required"
+  }
   lifecycle {
     ignore_changes = [
       # Avoids recreating the instance when the latest AMI changes.