Merge pull request #62 from titouan-joseph/main

feat(instance): adding IMDSv2 support on instance
F5Networks · Aug 26, 2024 · d21e8f1 · d21e8f1
2 parents 90326d4 + 2fda0f4
commit d21e8f1
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 2 deletions.
diff --git a/main.tf b/main.tf
@@ -258,10 +258,19 @@ resource "aws_instance" "f5_bigip" {
     Name = format("BIGIP-Instance-%s", local.instance_prefix)
     }
   )
+
+  dynamic "metadata_options" {
+    for_each = var.enable_imdsv2 ? [1] : []
+    content {
+      http_endpoint = "enabled"
+      http_tokens   = "required"
+    }
+  }
+
   depends_on = [aws_eip.mgmt, aws_network_interface.public, aws_network_interface.private]
 }
 
 resource "time_sleep" "wait_for_aws_instance_f5_bigip" {
   depends_on      = [aws_instance.f5_bigip]
   create_duration = var.sleep_time
-}
+}
diff --git a/variables.tf b/variables.tf
@@ -67,6 +67,12 @@ variable "ebs_volume_type" {
   default     = "gp2"
 }
 
+variable "enable_imdsv2" {
+  description = "Whether to enable IMDSv2 on the EC2 instance."
+  default     = false
+  type        = bool
+}
+
 variable "aws_secretmanager_auth" {
   description = "Whether to use secret manager to pass authentication"
   type        = bool
@@ -232,4 +238,4 @@ variable "sleep_time" {
   type        = string
   default     = "600s"
   description = "The number of seconds/minutes of delay to build into creation of BIG-IP VMs; default is 250. BIG-IP requires a few minutes to complete the onboarding process and this value can be used to delay the processing of dependent Terraform resources."
-}
+}