
Instance profile not working with instance metadata IMDSv2

    • Bug
    • Resolution: Fixed
    • Minor
    • ec2-plugin
    • None

      Hi, 

      When trying to set up the EC2 plugin with an instance using 'IMDSv2' I get the following error:

       

      Failed to obtain credentials from EC2 instance profile: Unauthorized (Service: null; Status Code: 401; Error Code: null; Request ID: null; Proxy: null) 

      However, when I run through the steps on the EC2 instance running the Jenkins Controller I can successfully retrieve credentials for the instance, i.e.


      TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"` \
      && curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/iam/security-credentials/<IAM ROLE OF EC2 INSTANCE> 

      This command comes from the AWS docs.

      Not sure if I'm doing something wrong or if the plugin doesn't support instances running on V2 of the Instance Metadata Service?

       

          [JENKINS-75189] Instance profile not working with instance metadata IMDSv2

          Oliver Sayer added a comment -

          Apologies, this was fixed by increasing the Instance metadata option hop count to two, as we are running Jenkins within a Docker container.


            thoulen FABRIZIO MANFREDI
            sayerjr Oliver Sayer
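
The hop-count fix from the comment above, turned into an audit check (an added example, not part of the original issue or the ec2-plugin). It assumes a client in a Docker bridge network needs a hop limit of 2 while a process on the host needs 1; the instance IDs are constructed sample data.

```shell
#!/usr/bin/env bash
# Flag instances whose IMDS settings keep a containerized client from getting
# an IMDSv2 token. Input: tab-separated lines as printed by this AWS CLI query:
#   aws ec2 describe-instances --output text --query \
#     'Reservations[].Instances[].[InstanceId,MetadataOptions.HttpTokens,MetadataOptions.HttpPutResponseHopLimit]'

# imds_verdict TOKENS HOP_LIMIT [HOPS_NEEDED]
# HOPS_NEEDED is an assumption about the network path: 1 for a process on the
# host, 2 for a container behind a Docker bridge (the case in this issue).
imds_verdict() {
  local tokens=$1 hop_limit=$2 hops_needed=${3:-2}
  case $hop_limit in ''|*[!0-9]*) echo "UNKNOWN"; return 0 ;; esac
  if [ "$hop_limit" -ge "$hops_needed" ]; then
    if [ "$tokens" = "required" ]; then echo "OK"; else echo "OK_V1_ALLOWED"; fi
  elif [ "$tokens" = "required" ]; then
    echo "BLOCKED"   # token PUT response is dropped before it reaches the client
  else
    echo "V1_ONLY"   # client cannot get a token; IMDSv1 is still enabled here
  fi
}

# audit_imds [HOPS_NEEDED] < query-output
# Prints "<instance-id> <verdict>" per instance, plus the fix for BLOCKED ones.
audit_imds() {
  local hops_needed=${1:-2} id tokens hop_limit verdict tab
  tab=$(printf '\t')
  while IFS=$tab read -r id tokens hop_limit; do
    [ -n "$id" ] || continue
    verdict=$(imds_verdict "$tokens" "$hop_limit" "$hops_needed")
    echo "$id $verdict"
    if [ "$verdict" = "BLOCKED" ]; then
      echo "  fix: aws ec2 modify-instance-metadata-options --instance-id $id" \
           "--http-tokens required --http-put-response-hop-limit $hops_needed"
    fi
  done
}

# Constructed sample input (instance IDs are made up).
sample_input() {
  printf 'i-00000000000000001\trequired\t1\n'
  printf 'i-00000000000000002\trequired\t2\n'
  printf 'i-00000000000000003\toptional\t1\n'
}

sample_input | audit_imds 2
```

A hop limit of 2 makes the instance role's credentials reachable from containers on that host, so keep the instance profile's permissions scoped to what those containers are meant to have.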