fix: ec2 check to support IMDSv1 and IMDSv2 + moving env vars to conf file fixes #206

orensharoni · Oren Sharoni · web-flow · commit 626d29d7b836 · 2024-02-15T18:03:28.000-08:00
* Add support for IMDV2 in the ec2 startup script (thank you @orensharoni) * Fix a typo in the ec2 startup script (thank you @HighOnMikey) --------- Co-authored-by: Oren Sharoni <oren.sharoni@techmahindra.com>
diff --git a/standalone_ubuntu_oss_install.sh b/standalone_ubuntu_oss_install.sh
@@ -36,8 +36,12 @@ required=("S3_BUCKET_NAME" "S3_SERVER" "S3_SERVER_PORT" "S3_SERVER_PROTO"
 if [ ! -z ${AWS_CONTAINER_CREDENTIALS_RELATIVE_URI+x} ]; then
   echo "Running inside an ECS task, using container credentials"
   uses_iam_creds=1
+elif TOKEN=$(curl -X PUT --silent --fail --connect-timeout 2 --max-time 2 "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600") && \
+  curl -H "X-aws-ec2-metadata-token: $TOKEN" --output /dev/null --silent --head --fail --connect-timeout 2 --max-time 5 "http://169.254.169.254"; then 
+  echo "Running inside an EC2 instance, using IMDSv2 for credentials"
+  uses_iam_creds=1
 elif curl --output /dev/null --silent --head --fail --connect-timeout 2 "http://169.254.169.254"; then
-  echo "Running inside an EC2 instance, using IMDS for credentials"
+  echo "Running inside an EC2 instance, using IMDSv1 for credentials"
   uses_iam_creds=1
 else
   required+=("AWS_ACCESS_KEY_ID" "AWS_SECRET_ACCESS_KEY")
@@ -312,12 +316,12 @@ EOF
 # Only include these env vars if we are not using a instance profile credential
 # to obtain S3 permissions.
 if [ $uses_iam_creds -eq 0 ]; then
-  cat >> "/etc/nginx/environment" << EOF
+  cat >> "/etc/nginx/nginx.conf" << EOF
 env AWS_ACCESS_KEY_ID;
 env AWS_SECRET_ACCESS_KEY;
 EOF
   if [[ -v AWS_SESSION_TOKEN ]]; then
-    cat >> "/etc/nginx/environment" << EOF
+    cat >> "/etc/nginx/nginx.conf" << EOF
 env AWS_SESSION_TOKEN;
 EOF
   fi
