feat: Add IMDS configuration support for AWS_METADATA_SERVICE_TIMEOUT

Add support for AWS_METADATA_SERVICE_TIMEOUT and AWS_METADATA_SERVICE_NUM_ATTEMPTS
environment variables and config file settings to configure IMDS client behavior.

- Add imdsConfig struct to ClientConfiguration.credentialProviderConfig
- Support AWS_METADATA_SERVICE_TIMEOUT env var and metadata_service_timeout config
- Support AWS_METADATA_SERVICE_NUM_ATTEMPTS env var and metadata_service_num_attempts config
- Add InstanceProfileCredentialsProvider constructor accepting ClientConfiguration
- Add EC2InstanceProfileConfigLoader constructor accepting CredentialProviderConfiguration
- Update EC2MetadataClient to use configured timeout and retry values
- Use StringUtils::ConvertToInt32 for parsing instead of std::stol

Resolves customer request for configurable IMDS timeout settings.

Author: kai-ion

src/aws-cpp-sdk-core/include/aws/core/client/ClientConfiguration.h

@@ -506,6 +506,8 @@ namespace Aws
                * Timeout in seconds when retrieving data from IMDS. Default 1.
                */
               long metadataServiceTimeout = 1;
+
+
             } imdsConfig;
           }credentialProviderConfig;
         };

src/aws-cpp-sdk-core/include/aws/core/config/EC2InstanceProfileConfigLoader.h

@@ -6,7 +6,6 @@
 #pragma once
 
 #include <aws/core/config/AWSProfileConfigLoaderBase.h>
-#include <aws/core/client/ClientConfiguration.h>
 
 #include <aws/core/utils/memory/stl/AWSString.h>
 #include <aws/core/utils/memory/stl/AWSMap.h>
@@ -15,13 +14,16 @@
 
 namespace Aws
 {
+    namespace Client
+    {
+        struct ClientConfiguration;
+    }
+    
     namespace Internal
     {
         class EC2MetadataClient;
     }
 
-
-
     namespace Config
     {
         static const char* const INSTANCE_PROFILE_KEY = "InstanceProfile";
@@ -36,12 +38,7 @@ namespace Aws
              * If client is nullptr, the default EC2MetadataClient will be created.
              */
             EC2InstanceProfileConfigLoader(const std::shared_ptr<Aws::Internal::EC2MetadataClient>& = nullptr);
-            
-            /**
-             * Creates EC2MetadataClient using the provided ClientConfiguration.
-             */
-            EC2InstanceProfileConfigLoader(const Aws::Client::ClientConfiguration& clientConfig);
-            
+
             /**
              * Creates EC2MetadataClient using the provided CredentialProviderConfiguration.
              */

src/aws-cpp-sdk-core/source/client/ClientConfiguration.cpp

@@ -307,16 +307,14 @@ void setConfigFromEnvOrProfile(ClientConfiguration &config)
         {}, /* allowed values */
         "1" /* default value */);
 
-    // Parse and set IMDS num attempts
-    long attempts = std::stol(numAttemptsStr.c_str());
-    if (attempts >= 1) {
-        config.credentialProviderConfig.imdsConfig.metadataServiceNumAttempts = attempts;
-    }
     // Parse and set IMDS timeout
-    long timeout = std::stol(timeoutStr.c_str());
-    if (timeout >= 1) {
-        config.credentialProviderConfig.imdsConfig.metadataServiceTimeout = timeout;
-    }
+    long timeout = static_cast<long>(Aws::Utils::StringUtils::ConvertToInt32(timeoutStr.c_str()));
+    config.credentialProviderConfig.imdsConfig.metadataServiceTimeout = timeout;
+
+    // Parse and set IMDS num attempts
+    long attempts = static_cast<long>(Aws::Utils::StringUtils::ConvertToInt32(numAttemptsStr.c_str()));
+    config.credentialProviderConfig.imdsConfig.metadataServiceNumAttempts = attempts;
+
 }
 
 ClientConfiguration::ClientConfiguration()

src/aws-cpp-sdk-core/source/config/EC2InstanceProfileConfigLoader.cpp

@@ -38,10 +38,6 @@ namespace Aws
                 m_ec2metadataClient = client;
             }
         }
-
-        EC2InstanceProfileConfigLoader::EC2InstanceProfileConfigLoader(const Aws::Client::ClientConfiguration& clientConfig)
-            : m_ec2metadataClient(Aws::MakeShared<Aws::Internal::EC2MetadataClient>(EC2_INSTANCE_PROFILE_LOG_TAG, clientConfig)) 
-        {}
 
         EC2InstanceProfileConfigLoader::EC2InstanceProfileConfigLoader(const Aws::Client::ClientConfiguration::CredentialProviderConfiguration& credentialConfig)
             : m_ec2metadataClient(Aws::MakeShared<Aws::Internal::EC2MetadataClient>(EC2_INSTANCE_PROFILE_LOG_TAG, credentialConfig))

src/aws-cpp-sdk-core/source/internal/AWSHttpResourceClient.cpp

@@ -82,6 +82,7 @@ namespace Aws
         AWSHttpResourceClient::AWSHttpResourceClient(const Aws::Client::ClientConfiguration& clientConfiguration, const char* logtag)
         : m_logtag(logtag),
           m_userAgent(Aws::Client::ComputeUserAgentString(&clientConfiguration)),
+          // consider the retry strategy, move it to clientconfiguration
           m_retryStrategy(clientConfiguration.retryStrategy ? clientConfiguration.retryStrategy : clientConfiguration.configFactories.retryStrategyCreateFn()),
           m_httpClient(nullptr)
         {
@@ -90,7 +91,7 @@ namespace Aws
                                 << clientConfiguration.maxConnections
                                 << " and scheme "
                                 << SchemeMapper::ToString(clientConfiguration.scheme));
-
+            // **need
             m_httpClient = CreateHttpClient(clientConfiguration);
         }
 
@@ -197,6 +198,7 @@ namespace Aws
             const char *endpoint) :
             AWSHttpResourceClient(clientConfiguration, EC2_METADATA_CLIENT_LOG_TAG),
             m_endpoint(endpoint),
+      // add disable imds to below
             m_disableIMDS(clientConfiguration.disableIMDS),
             m_tokenRequired(true),
             m_disableIMDSV1(clientConfiguration.disableImdsV1)
@@ -207,28 +209,27 @@ namespace Aws
             AWS_LOGSTREAM_TRACE(m_logtag.c_str(), "IMDSv1 had been disabled at the SDK build time");
 #endif
         }
-        
+
         EC2MetadataClient::EC2MetadataClient(const Aws::Client::ClientConfiguration::CredentialProviderConfiguration& credentialConfig,
-            const char *endpoint) :
-            AWSHttpResourceClient([&credentialConfig]() {
-                Aws::Client::ClientConfiguration clientConfig;
-                clientConfig.credentialProviderConfig = credentialConfig;
-                clientConfig.connectTimeoutMs = credentialConfig.imdsConfig.metadataServiceTimeout * 1000;
-                clientConfig.requestTimeoutMs = credentialConfig.imdsConfig.metadataServiceTimeout * 1000;
-                clientConfig.retryStrategy = Aws::MakeShared<DefaultRetryStrategy>(RESOURCE_CLIENT_CONFIGURATION_ALLOCATION_TAG, credentialConfig.imdsConfig.metadataServiceNumAttempts - 1, 1000);
-                clientConfig.maxConnections = 2;
-                clientConfig.scheme = Scheme::HTTP;
-                return clientConfig;
-            }(), EC2_METADATA_CLIENT_LOG_TAG),
-            m_endpoint(endpoint),
-            m_disableIMDS(false),
-            m_tokenRequired(true),
-            m_disableIMDSV1(false)
-        {
+                                             const char* endpoint)
+            : AWSHttpResourceClient(
+                  [&credentialConfig]() -> ClientConfiguration{
+                    Aws::Client::ClientConfiguration clientConfig;
+                    clientConfig.credentialProviderConfig = credentialConfig;
+                    clientConfig.connectTimeoutMs = credentialConfig.imdsConfig.metadata_service_timeout * 1000;
+                    clientConfig.requestTimeoutMs = credentialConfig.imdsConfig.metadata_service_timeout * 1000;
+                    clientConfig.retryStrategy = Aws::MakeShared<DefaultRetryStrategy>(
+                        RESOURCE_CLIENT_CONFIGURATION_ALLOCATION_TAG, credentialConfig.imdsConfig.metadata_service_num_attempts - 1, 1000);
+                    return clientConfig;
+                  }(),
+                  EC2_METADATA_CLIENT_LOG_TAG),
+              m_endpoint(endpoint),
+              m_disableIMDS(false),
+              m_tokenRequired(true),
+              m_disableIMDSV1(false) {
 #if defined(DISABLE_IMDSV1)
-            AWS_UNREFERENCED_PARAM(m_disableIMDSV1);
-            m_disableIMDSV1 = true;
-            AWS_LOGSTREAM_TRACE(m_logtag.c_str(), "IMDSv1 had been disabled at the SDK build time");
+          m_disableIMDSV1 = true;
+          AWS_LOGSTREAM_TRACE(m_logtag.c_str(), "IMDSv1 had been disabled at the SDK build time");
 #endif
         }