
chore: use IMDSv2 for spot instances

NOTE THAT THIS FORK IS MAINTAINED FOR CRITICAL BUG FIXES AFFECTING RUNNING COSTS ONLY. NO OTHER CONTRIBUTIONS WILL BE ACCEPTED.

What critical bug is this MR fixing?

This MR adds IMDSv2 metadata to the spot instances created by this driver. IMDSv1 should be considered to be unsafe as explained in #62 (closed). AWS SecurityHub reports warnings with high severity if EC2 instances in your account use the outdated IMDSv1 metadata.

@mh21 fixed this already for RedHat (see cki-project/docker-machine@2a8a5873)

Closes #62 (closed)

How does this change help reduce cost of usage? What scale of cost reduction is it?

In what scenarios is this change usable with GitLab Runner's docker+machine executor?

All scenarios, as IMDSv1 is unsafe.

Edited by Matthias Kay
