Security - refactor Tibanna to use IMDSv2 and IMDSv2 calls for metada…#415
Merged
alexander-veit merged 3 commits intomasterfrom Sep 24, 2025
Merged
Security - refactor Tibanna to use IMDSv2 and IMDSv2 calls for metada…#415alexander-veit merged 3 commits intomasterfrom
alexander-veit merged 3 commits intomasterfrom
Conversation
…ta access - successfully tested locally
Member
|
Hi Kelly. |
Added explicit installation of ruamel.yaml==0.17.16 in Dockerfile to satisfy cwltool dependency. Removed a temporary log line from aws_run_workflow_generic.sh. Updated project version in pyproject.toml from 5.5.2.b2 to 5.5.2 for release.
alexander-veit
approved these changes
Sep 9, 2025
Member
alexander-veit
left a comment
alexander-veit
left a comment
There was a problem hiding this comment.
I think this works as expected. The changes to awsf3/aws_run_workflow_generic.sh are backwards compatible.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
I was able to refactor Tibanna so it works with IMDSv2. I tested the changes in a test AWS account using a local build of the Tibanna repo and it successfully launched IMDSv2 instances and ran the hello world pipeline.
The prebuilt DockerHub image doesn’t include these changes which is why my local ECR build worked but the public image didn’t.
Discussed with Will to review/merge my changes and once my PR is merged you'd just need to rebuild + push a new Tibanna Docker image so Tibanna jobs can use the IMDSv2-compatible version and be compliant with our HMS DBMI Cloud Security Standards.