chore(cloudformation): Only allow IMDSv2 on Gateway instances

guardian · Oct 11, 2024 · 0ea701d · 0ea701d
1 parent ee2b6e4
commit 0ea701d
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 0 deletions.
diff --git a/cdk/lib/__snapshots__/identity-gateway.test.ts.snap b/cdk/lib/__snapshots__/identity-gateway.test.ts.snap
@@ -1054,6 +1054,9 @@ exports[`The IdentityGateway stack matches the snapshot 1`] = `
           "KeyName": {
             "Ref": "KeyName",
           },
+          "MetadataOptions": {
+            "HttpTokens": "required",
+          },
           "SecurityGroupIds": [
             {
               "Ref": "InstanceSecurityGroup",

diff --git a/cloudformation.yaml b/cloudformation.yaml
@@ -258,6 +258,8 @@ Resources:
         KeyName: !Ref KeyName
         SecurityGroupIds:
           - !Ref InstanceSecurityGroup
+        MetadataOptions:
+          HttpTokens: required
         UserData:
           Fn::Base64: !Sub
             - |+