One of the AWS recommendations in Security Hub considered "High" severity is setting all EC2 instances to use Instance Metadata Service Version 2 (IMDSv2). Is there a way to make this happen with elastic Bamboo instances?
If I have access to edit the command that's run to launch the instances, that would work (--metadata-options "HttpEndpoint=enabled,HttpTokens=required" added to the aws ec2 run-instances command). If I'm not able to edit that, any other thoughts? Thanks in advance!
The best way I've found to modify an EC2 instance when it's launched is to use CloudWatch Events and Lambda. You could adapt the solution I developed for adding additional security groups to a launching elastic agent.
See my original question and the solution.
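One way to apply the CloudWatch Events (EventBridge) and Lambda approach from the answer above to IMDSv2, as an added example that is not part of the original thread or any Atlassian code. It assumes an EventBridge rule that forwards EC2 state-change events and an execution role allowed `ec2:DescribeInstances` and `ec2:ModifyInstanceMetadataOptions`; the function names and the sample event are constructed for illustration.

```python
"""Lambda handler: require IMDSv2 on instances as they reach 'running'."""

# Constructed sample of an EventBridge "EC2 Instance State-change Notification".
SAMPLE_EVENT = {
    "source": "aws.ec2",
    "detail-type": "EC2 Instance State-change Notification",
    "detail": {"instance-id": "i-0123456789abcdef0", "state": "running"},
}


def enforce_imdsv2(event, ec2):
    """Return 'ignored', 'already-required' or 'updated' for one event.

    `ec2` is a boto3 EC2 client (or a stub with the same two methods).
    """
    detail = event.get("detail", {})
    instance_id = detail.get("instance-id")
    if (event.get("detail-type") != "EC2 Instance State-change Notification"
            or detail.get("state") != "running" or not instance_id):
        return "ignored"

    # Check the current setting first so repeat events make no API changes.
    resp = ec2.describe_instances(InstanceIds=[instance_id])
    instances = [i for r in resp.get("Reservations", [])
                 for i in r.get("Instances", [])]
    if not instances:
        return "ignored"  # instance no longer exists
    if instances[0].get("MetadataOptions", {}).get("HttpTokens") == "required":
        return "already-required"

    # Same values as --metadata-options "HttpEndpoint=enabled,HttpTokens=required".
    ec2.modify_instance_metadata_options(
        InstanceId=instance_id, HttpTokens="required", HttpEndpoint="enabled")
    return "updated"


def lambda_handler(event, context):
    import boto3  # imported lazily so enforce_imdsv2 can be exercised offline
    result = enforce_imdsv2(event, boto3.client("ec2"))
    print({"instance": event.get("detail", {}).get("instance-id"),
           "result": result})
    return result
```

Because the change is applied once the instance is already running, IMDSv1 stays reachable for a short window after launch, which setting the option at `run-instances` time would avoid.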
For whoever finds this thread, let's push Atlassian to support this via https://jira.atlassian.com/browse/BAM-21978
Hey, Atlassian team, this is a Sec issue many Bamboo users will need for AWS Integration. Please provide a native solution ASAP.
Bamboo should support native IMDS v2 instead of the customer having to update post EC2 launch.