From e23fe4915620293b7b3d12dcd407285e0072ccab Mon Sep 17 00:00:00 2001
From: Giacomo Marciani
Date: Thu, 30 Jan 2025 15:15:37 -0500
Subject: [PATCH] [IMDS Lockdown] Add example of usage to imds-access.sh helper.
---
 .../files/imds/imds-access.sh | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/cookbooks/aws-parallelcluster-environment/files/imds/imds-access.sh b/cookbooks/aws-parallelcluster-environment/files/imds/imds-access.sh
index cd2f6633b7..a4635a87d7 100755
--- a/cookbooks/aws-parallelcluster-environment/files/imds/imds-access.sh
+++ b/cookbooks/aws-parallelcluster-environment/files/imds/imds-access.sh
@@ -32,6 +32,24 @@ function help() {
 --unset Remove iptables rules related to IMDS for the given list of users
 --flush Restore default IMDS access
 --help Print this help message
+
+ Examples:
+
+ Allow access for USER1 and USER2, without changing other users
+ ${cmd} --allow USER1,USER2
+
+ Deny access for USER1 and USER2, without changing other users
+ ${cmd} --deny USER1,USER2
+
+ Allow access only for USER1 and USER2, removing every other user from the allowlist
+ ${cmd} --flush
+ ${cmd} --allow USER1,USER2
+
+ Remove rules for USER1 and USER2, without changing other users
+ ${cmd} --unset USER1,USER2
+
+ Remove IMDS lockdown, so that all users will be able to access IMDS
+ ${cmd} --flush
 EOF
 }
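Review bot: The third example (`${cmd} --flush` followed by `${cmd} --allow USER1,USER2`) leaves a window with no lockdown in place, since this same help text says `--flush` restores default access and the last example describes it as letting all users reach IMDS. If the second command fails or is skipped, every local user keeps access to the credentials IMDS serves, so the example should carry a caveat such as `Note: IMDS is open to all users between the two commands; run them together and verify the resulting rules`. It also reads at odds with the first example, which says `--allow` leaves other users unchanged; whether `--allow` itself adds a deny rule for everyone else is not visible in this hunk and is worth stating in the help. help() begins above the hunk.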