feat: make use of imdsv2 optional

zerodha · Jun 22, 2024 · 6eb4837 · 6eb4837
1 parent db7fb1e
commit 6eb4837
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 0 deletions.
diff --git a/modules/nomad-clients/launch_template.tf b/modules/nomad-clients/launch_template.tf
@@ -12,6 +12,7 @@ resource "aws_launch_template" "nomad_client" {
   user_data = base64encode(data.cloudinit_config.config.rendered)
 
   metadata_options {
+    http_tokens                 = var.http_tokens
     http_endpoint               = "enabled"
     http_put_response_hop_limit = var.http_put_response_hop_limit
     instance_metadata_tags      = "enabled"

diff --git a/modules/nomad-clients/variables.tf b/modules/nomad-clients/variables.tf
@@ -225,3 +225,9 @@ variable "http_put_response_hop_limit" {
   type        = number
   default     = 2
 }
+
+variable "http_tokens" {
+  description = "Whether the metadata service requires session tokens, also referred to as Instance Metadata Service Version 2 (IMDSv2). Can be 'optional', 'required', or 'no-preference'."
+  type        = string
+  default     = "no-preference"
+}
diff --git a/modules/nomad-servers/launch_template.tf b/modules/nomad-servers/launch_template.tf
@@ -11,6 +11,7 @@ resource "aws_launch_template" "nomad_server" {
   user_data = base64encode(data.cloudinit_config.config.rendered)
 
   metadata_options {
+    http_tokens                 = var.http_tokens
     http_endpoint               = "enabled"
     http_put_response_hop_limit = var.http_put_response_hop_limit
     instance_metadata_tags      = "enabled"

diff --git a/modules/nomad-servers/variables.tf b/modules/nomad-servers/variables.tf
@@ -186,3 +186,9 @@ variable "http_put_response_hop_limit" {
   type        = number
   default     = 2
 }
+
+variable "http_tokens" {
+  description = "Whether the metadata service requires session tokens, also referred to as Instance Metadata Service Version 2 (IMDSv2). Can be 'optional', 'required', or 'no-preference'."
+  type        = string
+  default     = "no-preference"
+}