Image Changes in AWS EC2 for IMDS Access

Share
Share

In 2019 AWS EC2 introduced the Instance Metadata Service v2 (IMDSv2) protocol to enhance security when accessing the metadata for an instance in EC2. Since then a lot of effort has been made to move everything that depends on IMDS to use the v2 protocol. The AMI creation process also has a setting to make IMDSv2 the default for any instance created from such an image. Further as of mid 2024 any new instance types that AWS creates will only support the IMDSv2 protocol. In other words, the writing is on the wall, IMDSv1 is on it’s way to extinction.

As such, and in collaboration and coordination with AWS, all images released by SUSE for new distributions, starting with the recently released SUSE Linux Enterprise Micro 6 and new service packs starting with the recently released SUSE Linux Enterprise Server 15 SP6 and the SAP and HPC products have the images configured in such a way that IMDSv2 is the default when an instance gets created from these images. IF you have your own applications that access IMDS that do not yet use IMDSv2 you will need to update those applications accordingly.

If you need more time to switch to IMDSv2 you currently still have the option to disable it . All the tooling in the SUSE images has been prepared for this change for some time and as such there are no behavioral changes for the repository setup process. If you do not have any custom tooling accessing IMDS or run 3rd party applictaions that use IMDS you have nothing to worry about.

Share
(Visited 1 times, 1 visits today)
Avatar photo
309 views