EC2: Do not retry on disabled IMDSv2 api/token route returning a 403
Bug #1866290 reported by
Chad Smith
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
cloud-init |
Fix Released
|
High
|
Unassigned |
Bug Description
The Ec2 IMDSv2 latest/api/token route can be set as disabled and return a 403 indefinitely for an instance.
When receiving any HTTP status codes >= 400 from IMDSv2 on AWS' Ec2 cloud, 2 minutes of retries on the api/token route will not result in a successful Ec2 datasource detection.
Quickly fail Ec2 datasource detection to allow the instance to potentially discover other datasources.
To post a comment you must log in.
Upstream commit landed which addresses this issue
https:/ /github. com/canonical/ cloud-init/ commit/ 1f860e5ac7ebb5b 809c72d8703a0b7 cb3e84ccd0