From 51e242550180f1c417303e9744515a470d36bc8b Mon Sep 17 00:00:00 2001
From: Michele Cereda
Date: Thu, 4 Sep 2025 01:08:29 +0200
Subject: [PATCH] chore(aws/ec2): improve on metadata server commands, ssh connection
---
 knowledge base/cloud computing/aws/ec2.md | 4 ++++
 snippets/aws/ec2.fish | 2 +-
 snippets/ssh.sh | 5 +++++
 3 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/knowledge base/cloud computing/aws/ec2.md b/knowledge base/cloud computing/aws/ec2.md
index 6d89692..5d45363 100644
--- a/knowledge base/cloud computing/aws/ec2.md
+++ b/knowledge base/cloud computing/aws/ec2.md
@@ -76,6 +76,10 @@ curl 'http://instance-data/latest/meta-data/instance-id'
 curl 'http://169.254.169.254/latest/meta-data/instance-type'
 curl 'http://[fd00:ec2::254]/latest/meta-data/local-ipv4'
+# Query the onboard IMDSv2 metadata server.
+TOKEN="$(curl -X 'PUT' 'http://169.254.169.254/latest/api/token' -H 'X-aws-ec2-metadata-token-ttl-seconds: 60')" \
+&& curl -H "X-aws-ec2-metadata-token: $TOKEN" 'http://169.254.169.254/latest/meta-data/iam/security-credentials'
+
 # Configure the CloudWatch agent
 amazon-cloudwatch-agent-ctl -a 'status'
 /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a 'set-log-level' -l 'INFO'
diff --git a/snippets/aws/ec2.fish b/snippets/aws/ec2.fish
index 2dd3826..7113db2 100644
--- a/snippets/aws/ec2.fish
+++ b/snippets/aws/ec2.fish
@@ -107,7 +107,7 @@ aws ec2 delete-snapshot --snapshot-id 'snap-0123456789abcdef0' --dry-run
 # Retrieve the security credentials for an IAM role named 's3access' from instances
 # IMDSv2
 TOKEN=$(curl -X PUT 'http://169.254.169.254/latest/api/token' -H 'X-aws-ec2-metadata-token-ttl-seconds: 21600') \
-&& curl -H "X-aws-ec2-metadata-token: ${TOKEN}" 'http://169.254.169.254/latest/meta-data/iam/security-credentials/s3access'
+&& curl -H "X-aws-ec2-metadata-token: $TOKEN" 'http://169.254.169.254/latest/meta-data/iam/security-credentials/s3access'
 # IMDSv1
 curl 'http://169.254.169.254/latest/meta-data/iam/security-credentials/s3access'
diff --git a/snippets/ssh.sh b/snippets/ssh.sh
index b6539f2..25943ee 100644
--- a/snippets/ssh.sh
+++ b/snippets/ssh.sh
@@ -1,3 +1,8 @@
 #!/usr/bin/env sh
+# Load keys from '${HOME}/.ssh' and add them to the agent
 eval $(ssh-agent) && ssh-add
+
+# Connect
+ssh 'desktop.lan'
+ssh 'ec2-user@172.31.42.42' -i '.ssh/aws.key'
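Review bot: The identity path on the added `ssh 'ec2-user@172.31.42.42' -i '.ssh/aws.key'` line in snippets/ssh.sh is relative, so it resolves only when the command is run from the home directory, although the comment added above it refers to `${HOME}/.ssh`. Since the agent started on the `eval $(ssh-agent) && ssh-add` line may already hold other keys, those can be offered too and the server's authentication-attempt limit may be reached before `aws.key` is tried; I would write `ssh -i "${HOME}/.ssh/aws.key" -o 'IdentitiesOnly=yes' 'ec2-user@172.31.42.42'`. The new comment also overstates what `ssh-add` does, because without arguments it adds only the default identity files and not every key in the directory; `# Start an agent and add the default identities from '${HOME}/.ssh'` would be more accurate.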