Feature request for container meta data file to include ECS host instance IP address #1575
closing issue, changes have been merged into |
bencord0 pushed a commit to deliveroo/amazon-ecs-agent that referenced this issue Apr 23, 2019

Related issue: aws#1575
Related PR: aws#1730

PR 1730 adds the Public IP Address of the host to the container metadata file, however the EC2 host may be configured without a public address. In this case, the EC2 metadata API returns a 404 response, and the host IP is not available to containers.

Example ECS Agent Log

```
[ERROR] Unable to retrieve Host Instance PublicIPv4 Address: EC2MetadataError: failed to make EC2Metadata request
caused by: <?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
 <head>
  <title>404 - Not Found</title>
 </head>
 <body>
  <h1>404 - Not Found</h1>
 </body>
</html>
```

This commit adds an extra field to the container metadata json, `HostPrivateIPv4Address` which is available on EC2 hosts without a public address.
bencord0 pushed a commit to deliveroo/amazon-ecs-agent that referenced this issue Apr 29, 2019
yhlee-aws pushed a commit that referenced this issue May 8, 2019
Summary
Customers are using instance metadata inside of the container to get the IP address of the host ECS instance. This is a security risk, as enabling instance metadata allows for querying IAM credentials as well.
Description
Instance metadata is typically disabled due to the security risk of being able to query IAM roles/credentials. To avoid using instance metadata, containers use the container-specific metadata file. However, the ECS host IP field is currently not present in the container metadata file. Request to include the host IP address field in the container metadata file.
Expected Behavior
Observed Behavior
Environment Details
Supporting Log Snippets
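
Added example, not code from this issue or from the ECS agent: one way a container could take the host address from the container metadata file, so that instance metadata can stay blocked for the task. `HostPrivateIPv4Address` is the field named in the commit message above; the `ECS_CONTAINER_METADATA_FILE` variable and the `MetadataFileStatus` and `HostPublicIPv4Address` fields are assumed from the ECS container metadata file format, and the sample JSON is constructed.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net"
	"os"
)

// Subset of the container metadata file. HostPrivateIPv4Address comes from the
// commit message; the other two fields are assumed from the ECS file format.
type containerMetadata struct {
	MetadataFileStatus     string
	HostPublicIPv4Address  string
	HostPrivateIPv4Address string
}

// Constructed sample: a host with no public address, so only the private field is set.
const sample = `{"MetadataFileStatus":"READY","HostPrivateIPv4Address":"10.0.1.23"}`

// HostIP returns the host address from the metadata JSON. It prefers the
// private address, because a host without a public address has no public field.
func HostIP(raw []byte) (string, error) {
	var m containerMetadata
	if err := json.Unmarshal(raw, &m); err != nil {
		return "", fmt.Errorf("parse metadata: %w", err)
	}
	if m.MetadataFileStatus != "READY" {
		return "", errors.New("metadata file not ready yet")
	}
	for _, c := range []string{m.HostPrivateIPv4Address, m.HostPublicIPv4Address} {
		if ip := net.ParseIP(c); ip != nil && ip.To4() != nil {
			return ip.String(), nil
		}
	}
	return "", errors.New("no host IPv4 address in metadata file")
}

func main() {
	raw := []byte(sample)
	// Inside a task, read the real file; outside one, fall back to the sample.
	if b, err := os.ReadFile(os.Getenv("ECS_CONTAINER_METADATA_FILE")); err == nil {
		raw = b
	}
	fmt.Println(HostIP(raw))
}
```
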