From 626d29d7b8362a5c3435bb343a15c6b6a0536180 Mon Sep 17 00:00:00 2001 From: oren Date: Fri, 16 Feb 2024 04:03:28 +0200 Subject: [PATCH] fix: ec2 check to support IMDSv1 and IMDSv2 + moving env vars to conf file fixes #206 * Add support for IMDV2 in the ec2 startup script (thank you @orensharoni) * Fix a typo in the ec2 startup script (thank you @HighOnMikey) --------- Co-authored-by: Oren Sharoni --- standalone_ubuntu_oss_install.sh | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/standalone_ubuntu_oss_install.sh b/standalone_ubuntu_oss_install.sh index 7d144a79..eab03665 100644 --- a/standalone_ubuntu_oss_install.sh +++ b/standalone_ubuntu_oss_install.sh @@ -36,8 +36,12 @@ required=("S3_BUCKET_NAME" "S3_SERVER" "S3_SERVER_PORT" "S3_SERVER_PROTO" if [ ! -z ${AWS_CONTAINER_CREDENTIALS_RELATIVE_URI+x} ]; then echo "Running inside an ECS task, using container credentials" uses_iam_creds=1 +elif TOKEN=$(curl -X PUT --silent --fail --connect-timeout 2 --max-time 2 "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600") && \ + curl -H "X-aws-ec2-metadata-token: $TOKEN" --output /dev/null --silent --head --fail --connect-timeout 2 --max-time 5 "http://169.254.169.254"; then + echo "Running inside an EC2 instance, using IMDSv2 for credentials" + uses_iam_creds=1 elif curl --output /dev/null --silent --head --fail --connect-timeout 2 "http://169.254.169.254"; then - echo "Running inside an EC2 instance, using IMDS for credentials" + echo "Running inside an EC2 instance, using IMDSv1 for credentials" uses_iam_creds=1 else required+=("AWS_ACCESS_KEY_ID" "AWS_SECRET_ACCESS_KEY") @@ -312,12 +316,12 @@ EOF # Only include these env vars if we are not using a instance profile credential # to obtain S3 permissions. if [ $uses_iam_creds -eq 0 ]; then - cat >> "/etc/nginx/environment" << EOF + cat >> "/etc/nginx/nginx.conf" << EOF env AWS_ACCESS_KEY_ID; env AWS_SECRET_ACCESS_KEY; EOF if [[ -v AWS_SESSION_TOKEN ]]; then - cat >> "/etc/nginx/environment" << EOF + cat >> "/etc/nginx/nginx.conf" << EOF env AWS_SESSION_TOKEN; EOF fi