Configure metadata endpoint

Author: mheffner

main.tf

@@ -302,6 +302,12 @@ resource "aws_launch_template" "default" {
   lifecycle {
     create_before_destroy = true
   }
+
+  metadata_options {
+    http_endpoint = "enabled"
+    http_tokens = var.enable_imdsv2 ? "required" : "optional"
+    http_protocol_ipv6 = var.metadata_ipv6 ? "enabled" : "disabled"
+  }
 }
 
 resource "aws_autoscaling_group" "default" {

variables.tf

@@ -75,6 +75,18 @@ variable "associate_public_ip_address" {
   default = null
 }
 
+variable "enable_imdsv2" {
+  description = "Enable IMDSv2"
+  type = bool
+  default = true
+}
+
+variable "metadata_ipv6" {
+  description = "Enable IPv6 metadata endpoint"
+  type = bool
+  default = false
+}
+
 ######################
 ## SESSION LOGGING ##
 ####################