I am not able to SSH into an EC2 instance if it is launched with the instance metadata service turned off.
ec2.runInstances({ ... MetadataOptions: {
    HttpEndpoint: 'disabled'
} })
This however is not an issue if I launch with the MetadataOptions enabled and disable it with a modify-instance-metadata-options call after the instance has finished starting up. Is this documented behaviour? I couldn't find it explicitly mentioned in the documentation anywhere.
Note - this is not a security group, Network ACL, etc issue.
I noticed this too. It seems that disabling IMDS breaks all of the following:
authorized_keys file for the default user (i.e. root or ubuntu) is not populated because the EC2 Key Pair is normally provided in instance metadata.
http://instance-data.:8773 but this is unavailable when IMDS is disabled.
Therefore, if your desire is to disable IMDS from the moment of launch, it seems the only viable workaround is to create your own AMI that has your own configuration (i.e. SSH authorized_keys) baked into it. Packer is commonly used for building AMIs in this way.
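
The sequence the question describes (launch with the metadata endpoint enabled, disable it once the instance is up) as an added example, not code from either post. It assumes an AWS SDK for JavaScript v2 EC2 client is passed in as `ec2`; the function name and the use of the `instanceStatusOk` waiter as the signal for "finished starting up" are assumptions.

```javascript
// Added example: launch with IMDS enabled so the key pair can be read from
// instance metadata on first boot, then turn the endpoint off.
// `ec2` is an AWS SDK for JavaScript v2 client, e.g.:
//   const AWS = require('aws-sdk'); const ec2 = new AWS.EC2();
// It is passed in so the function can also be exercised with a stub.
async function launchThenDisableImds(ec2, launchParams) {
  // Force the endpoint on for the first boot, whatever the caller passed.
  const params = {
    ...launchParams,
    MinCount: 1,
    MaxCount: 1,
    MetadataOptions: {
      ...(launchParams.MetadataOptions || {}),
      HttpEndpoint: 'enabled',
    },
  };
  const run = await ec2.runInstances(params).promise();
  const instanceId = run.Instances[0].InstanceId;

  // Assumption: passing EC2 status checks stands in for "finished starting
  // up". An AMI with a slow first boot may need a longer wait.
  await ec2.waitFor('instanceStatusOk', { InstanceIds: [instanceId] }).promise();

  // Equivalent of the modify-instance-metadata-options call in the question.
  const mod = await ec2
    .modifyInstanceMetadataOptions({ InstanceId: instanceId, HttpEndpoint: 'disabled' })
    .promise();

  // Fail loudly if the API did not accept the change, so an instance is
  // never reported as locked down while IMDS is still reachable.
  const applied = mod.InstanceMetadataOptions || {};
  if (applied.HttpEndpoint !== 'disabled') {
    throw new Error(`IMDS not disabled on ${instanceId}: ${JSON.stringify(applied)}`);
  }
  return { instanceId, metadataOptions: applied };
}
```

The modify call typically returns with `State: 'pending'`; a later `describeInstances` call shows when the change has been applied.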