chore: updated ec2 configurations for vmp

psekar · psekar · commit f348a1e33727 · 2025-08-31T07:03:38.000-07:00
diff --git a/enos/README.md b/enos/README.md
@@ -66,6 +66,8 @@ following lines
 127.0.0.1       localhost       worker
 127.0.0.1       localhost       vault
 ```
+### AWS Credentials
+Copy the AWS Account credentials from doormat and set it in the terminal, where the enos commands are run.
 
 ## Executing Scenarios
 From the `enos` directory:
diff --git a/enos/modules/aws_boundary/boundary-instances.tf b/enos/modules/aws_boundary/boundary-instances.tf
@@ -26,6 +26,11 @@ resource "aws_instance" "controller" {
     encrypted   = true
   }
 
+  metadata_options {
+    http_endpoint = "enabled"
+    http_tokens   = "required"
+  }
+
   tags = merge(local.common_tags,
     {
       Name = "${local.name_prefix}-boundary-controller-${count.index}-${split(":", data.aws_caller_identity.current.user_id)[1]}"
@@ -54,6 +59,11 @@ resource "aws_instance" "worker" {
     encrypted   = true
   }
 
+  metadata_options {
+    http_endpoint = "enabled"
+    http_tokens   = "required"
+  }
+
   tags = merge(local.common_tags,
     {
       Name = "${local.name_prefix}-boundary-worker-${count.index}-${split(":", data.aws_caller_identity.current.user_id)[1]}",
diff --git a/enos/modules/aws_target/main.tf b/enos/modules/aws_target/main.tf
@@ -126,13 +126,18 @@ resource "aws_instance" "target" {
     "Type" : "target",
     "Project" : "Enos",
     "Project Name" : "qti-enos-boundary",
-    "Environment" : var.environment
+    "Environment" : var.environment,
     "Enos User" : var.enos_user,
   })
 
   root_block_device {
     encrypted = true
   }
+
+  metadata_options {
+    http_endpoint = "enabled"
+    http_tokens   = "required"
+  }
 }
 
 resource "enos_remote_exec" "wait" {
diff --git a/enos/modules/aws_vault/vault-instances.tf b/enos/modules/aws_vault/vault-instances.tf
@@ -17,6 +17,11 @@ resource "aws_instance" "vault_instance" {
       Type = local.vault_cluster_tag
     },
   )
+
+  metadata_options {
+    http_endpoint = "enabled"
+    http_tokens   = "required"
+  }
 }
 
 resource "enos_remote_exec" "install_dependencies" {
diff --git a/enos/modules/aws_worker/main.tf b/enos/modules/aws_worker/main.tf
@@ -161,6 +161,11 @@ resource "aws_instance" "worker" {
       Name = "${var.name_prefix}-boundary-worker-${split(":", data.aws_caller_identity.current.user_id)[1]}",
     },
   )
+
+  metadata_options {
+    http_endpoint = "enabled"
+    http_tokens   = "required"
+  }
 }
 
 resource "enos_bundle_install" "worker" {

Original file line number	Diff line number	Diff line change
`@@ -26,6 +26,11 @@ resource "aws_instance" "controller" {`
`26`	`26`	`encrypted = true`
`27`	`27`	`}`
`28`	`28`
	`29`	`+ metadata_options {`
	`30`	`+ http_endpoint = "enabled"`
	`31`	`+ http_tokens = "required"`
	`32`	`+ }`
	`33`	`+`
`29`	`34`	`tags = merge(local.common_tags,`
`30`	`35`	`{`
`31`	`36`	`Name = "${local.name_prefix}-boundary-controller-${count.index}-${split(":", data.aws_caller_identity.current.user_id)[1]}"`
`@@ -54,6 +59,11 @@ resource "aws_instance" "worker" {`
`54`	`59`	`encrypted = true`
`55`	`60`	`}`
`56`	`61`
	`62`	`+ metadata_options {`
	`63`	`+ http_endpoint = "enabled"`
	`64`	`+ http_tokens = "required"`
	`65`	`+ }`
	`66`	`+`
`57`	`67`	`tags = merge(local.common_tags,`
`58`	`68`	`{`
`59`	`69`	`Name = "${local.name_prefix}-boundary-worker-${count.index}-${split(":", data.aws_caller_identity.current.user_id)[1]}",`
Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,11 @@ resource "aws_instance" "vault_instance" {`
`17`	`17`	`Type = local.vault_cluster_tag`
`18`	`18`	`},`
`19`	`19`	`)`
	`20`	`+`
	`21`	`+ metadata_options {`
	`22`	`+ http_endpoint = "enabled"`
	`23`	`+ http_tokens = "required"`
	`24`	`+ }`
`20`	`25`	`}`
`21`	`26`
`22`	`27`	`resource "enos_remote_exec" "install_dependencies" {`
Original file line number	Diff line number	Diff line change
`@@ -161,6 +161,11 @@ resource "aws_instance" "worker" {`
`161`	`161`	`Name = "${var.name_prefix}-boundary-worker-${split(":", data.aws_caller_identity.current.user_id)[1]}",`
`162`	`162`	`},`
`163`	`163`	`)`
	`164`	`+`
	`165`	`+ metadata_options {`
	`166`	`+ http_endpoint = "enabled"`
	`167`	`+ http_tokens = "required"`
	`168`	`+ }`
`164`	`169`	`}`
`165`	`170`
`166`	`171`	`resource "enos_bundle_install" "worker" {`