[arvados] created: 2.7.0-6174-gf10e92fe09
git repository hosting
git at public.arvados.org
Wed Mar 13 17:47:06 UTC 2024
at f10e92fe095a7b292dde71da0f1d8465312236d7 (commit)
commit f10e92fe095a7b292dde71da0f1d8465312236d7
Author: Lucas Di Pentima <lucas.dipentima at curii.com>
Date: Wed Mar 13 14:45:30 2024 -0300
21585: Updates installer's Terraform code to require IMDSv2 on service nodes.
Applying this change to an already working cluster won't recreate any resource,
just change the settings in place.
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima at curii.com>
diff --git a/tools/salt-install/terraform/aws/services/main.tf b/tools/salt-install/terraform/aws/services/main.tf
index bdb2bdcc36..54e2fc412b 100644
--- a/tools/salt-install/terraform/aws/services/main.tf
+++ b/tools/salt-install/terraform/aws/services/main.tf
@@ -67,7 +67,10 @@ resource "aws_instance" "arvados_service" {
volume_type = "gp3"
volume_size = try(var.instance_volume_size[each.value], var.instance_volume_size.default)
}
-
+ metadata_options {
+ # Sets IMDSv2 to required. Default is "optional".
+ http_tokens = "required"
+ }
lifecycle {
ignore_changes = [
# Avoids recreating the instance when the latest AMI changes.
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list