allow disabling instance metadata service #1064
Labels
area/control-plane
Control plane related
kind/enhancement
Enhancement, improvement, extension
platform/aws
Amazon web services platform/infrastructure
Comments
gardener-robot
added
area/control-plane
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
/area control-plane
/kind enhancement
/platform aws
What would you like to be added:
Currently the worker config for AWS shoots allows customizing the hop limits and requiring IMDSv2 (#468). However it does not allow disabling IMDS altogether. Proposed API:
Why is this needed:
Many applications that run on gardener aws cluster do not use IMDS or need.
Furthermore, applications that go through security hardening will probably have to block access to IMDS via network policies or other methods, which further adds development and maintenance efforts. Disabling IMDS improves security and reduces repetitive effort.
The text was updated successfully, but these errors were encountered: