From 0ea701d58df5b27c83d4eb82cb96e947a3042731 Mon Sep 17 00:00:00 2001
From: Ashleigh Carr <ashcorr20@gmail.com>
Date: Fri, 11 Oct 2024 11:08:04 +0100
Subject: [PATCH] chore(cloudformation): Only allow IMDSv2 on Gateway instances

---
 cdk/lib/__snapshots__/identity-gateway.test.ts.snap | 3 +++
 cloudformation.yaml                                 | 2 ++
 2 files changed, 5 insertions(+)

diff --git a/cdk/lib/__snapshots__/identity-gateway.test.ts.snap b/cdk/lib/__snapshots__/identity-gateway.test.ts.snap
index 173313508..f56e8c33a 100644
--- a/cdk/lib/__snapshots__/identity-gateway.test.ts.snap
+++ b/cdk/lib/__snapshots__/identity-gateway.test.ts.snap
@@ -1054,6 +1054,9 @@ exports[`The IdentityGateway stack matches the snapshot 1`] = `
           "KeyName": {
             "Ref": "KeyName",
           },
+          "MetadataOptions": {
+            "HttpTokens": "required",
+          },
           "SecurityGroupIds": [
             {
               "Ref": "InstanceSecurityGroup",
diff --git a/cloudformation.yaml b/cloudformation.yaml
index e7256c509..a3613cd51 100644
--- a/cloudformation.yaml
+++ b/cloudformation.yaml
@@ -258,6 +258,8 @@ Resources:
         KeyName: !Ref KeyName
         SecurityGroupIds:
           - !Ref InstanceSecurityGroup
+        MetadataOptions:
+          HttpTokens: required
         UserData:
           Fn::Base64: !Sub
             - |+