chore(aws/ec2): improve on metadata server commands, ssh connection

2026-02-09 05:44:23 +00:00 · 2025-09-04 01:08:29 +02:00
parent 6fc69382aa
commit 51e2425501
3 changed files with 10 additions and 1 deletions
--- a/computing/aws/ec2.md
+++ b/computing/aws/ec2.md
@@ -76,6 +76,10 @@ curl 'http://instance-data/latest/meta-data/instance-id'
 curl 'http://169.254.169.254/latest/meta-data/instance-type'
 curl 'http://[fd00:ec2::254]/latest/meta-data/local-ipv4'

+# Query the onboard IMDSv2 metadata server.
+TOKEN="$(curl -X 'PUT' 'http://169.254.169.254/latest/api/token' -H 'X-aws-ec2-metadata-token-ttl-seconds: 60')" \
+&& curl -H "X-aws-ec2-metadata-token: $TOKEN" 'http://169.254.169.254/latest/meta-data/iam/security-credentials'
+
 # Configure the CloudWatch agent
 amazon-cloudwatch-agent-ctl -a 'status'
 /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a 'set-log-level' -l 'INFO'
--- a/snippets/aws/ec2.fish
+++ b/snippets/aws/ec2.fish
@@ -107,7 +107,7 @@ aws ec2 delete-snapshot --snapshot-id 'snap-0123456789abcdef0' --dry-run
 # Retrieve the security credentials for an IAM role named 's3access' from instances
 # IMDSv2
 TOKEN=$(curl -X PUT 'http://169.254.169.254/latest/api/token' -H 'X-aws-ec2-metadata-token-ttl-seconds: 21600') \
-&& curl -H "X-aws-ec2-metadata-token: ${TOKEN}" 'http://169.254.169.254/latest/meta-data/iam/security-credentials/s3access'
+&& curl -H "X-aws-ec2-metadata-token: $TOKEN" 'http://169.254.169.254/latest/meta-data/iam/security-credentials/s3access'
 # IMDSv1
 curl 'http://169.254.169.254/latest/meta-data/iam/security-credentials/s3access'

--- a/snippets/ssh.sh
+++ b/snippets/ssh.sh
@@ -1,3 +1,8 @@
 #!/usr/bin/env sh

+# Load keys from '${HOME}/.ssh' and add them to the agent
 eval $(ssh-agent) && ssh-add
+
+# Connect
+ssh 'desktop.lan'
+ssh 'ec2-user@172.31.42.42' -i '.ssh/aws.key'