Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Fix metadata token usage for EC2 metadata requests and add AZ error handling #84

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Fix metadata token usage for EC2 metadata requests and add AZ error handling #84

wants to merge 1 commit into from

Conversation

@nisei1
Copy link

@nisei1 nisei1 commented Mar 26, 2025

Overview

This pull request addresses a bug where the EC2 instance's availability zone (AZ) was not properly retrieved, causing the DNS A record update in Route53 to fail. The root cause was that the IMDSv2 token was used only for retrieving the public IP address, but not for obtaining other critical metadata such as the instance-id and AZ. Without the token, the AZ was empty, leading to an error during region extraction using ${AZ::-1}.

Changes Made

  • IMDSv2 Token Consistency:
    Updated the metadata retrieval commands for instance-id and placement/availability-zone to include the X-aws-ec2-metadata-token header.

  • AZ Validation:
    Added an error check to exit the script early if the availability zone is empty, preventing further processing and potential errors.

  • Region Extraction:
    With the AZ correctly obtained, the region extraction ${AZ::-1} now works as expected, ensuring that subsequent AWS CLI commands (e.g., fetching the tag for DOMAIN_NAME and updating Route53 records) operate in the correct region.

How to Test

  1. Deploy the updated script on an EC2 instance with IMDSv2 enabled.
  2. Ensure that the EC2 instance has the DOMAIN_NAME tag set (e.g., nisei.com).
  3. Start the service using sudo systemctl start minecloud.service.
  4. Confirm that:
    • The metadata (instance-id, AZ, public IP) is correctly retrieved.
    • The script extracts the region properly.
    • The Route53 DNS A record is updated with the EC2 instance's public IP.
    • The error handling for missing AZ works if metadata is not available.

Additional Notes

  • This change improves the script’s robustness by ensuring that all metadata requests use the IMDSv2 token.
  • It also prevents the script from proceeding with an empty AZ, which previously led to a substring error.
  • First OSS Contribution:
    This is my first contribution to an open source project. If I have made any mistakes in the contribution process, I would greatly appreciate any feedback on how to improve.
  • English Language Note:
    My native language is Japanese, and I used generative AI to help produce the English text in this pull request. I apologize in advance if any part of the English comes off as impolite or contains errors.

Thanks for considering this fix!

@nisei1
fix: Use IMDSv2 token for all metadata requests and add AZ validation
0a1e2b1 
- Retrieve instance-id and availability-zone using the IMDSv2 token.
- Add an error check for empty availability zone to avoid substring errors.
- Ensure correct region extraction for Route53 DNS updates.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@nisei1