root
/
rabbitmq-server
mirror of https://github.com/rabbitmq/rabbitmq-server.git
1
0
Fork 0
Code Issues Actions 1 Packages Projects Releases Wiki Activity

added section on IMDS version to the readme

This commit is contained in:
Stefan Moser 2021-04-07 14:06:02 -07:00
parent 1ae148734a
commit 14e06f91e8
1 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
deps/rabbitmq_aws/README.md vendored
View File

@ -35,6 +35,15 @@ The credentials values have the following precedence:
- Credentials file
- EC2 Instance Metadata Service
### EC2 Instance Metadata Service Versions
There are two versions of the EC2 Instance Metadata Service that are available by default on EC2 instances; IMDSv1 and IMDSv2 which is protected by session authencation
and [adds defenses against aditional vulnerabilities](https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/).
AWS recommends adopting IMDSv2 and disabling IMDSv1 [by configuring the Instance Metadata Service on the EC2 instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html).
By default *rabbitmq-aws* will attempt to use IMDSv2 first and will fallback to use IMDSv1 if calls to IMDSv2 fail. This behavior can be overridden
by setting the ``aws_prefer_imdsv2`` setting to ``false``.
### Environment Variables
As with the AWS CLI, the following environment variables can be used to provide
@ -67,7 +76,7 @@ configuration or to impact configuration behavior:
## Example Usage
The following example assumes that you either have locally configured credentials or that
you're using the AWS Instance Metadata service for credentials:
you're using the EC2 Instance Metadata Service for credentials:
```erlang
application:start(rabbitmq_aws).