remove base class and rename variable to requireImdsv2

packages/@aws-cdk/aws-autoscaling/README.md

@@ -385,23 +385,21 @@ new autoscaling.AutoScalingGroup(stack, 'ASG', {
 You can configure [EC2 Instance Metadata Service](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) options to either
 allow both IMDSv1 and IMDSv2 or enforce IMDSv2 when interacting with the IMDS.
 
-To do this for a single `AutoScalingGroup`, you can use set the `disableImdsv1` property.
-The example below demonstrates IMDSv1 being disabled on a single `AutoScalingGroup`:
+To do this for a single `AutoScalingGroup`, you can use set the `requireImdsv2` property.
+The example below demonstrates IMDSv2 being required on a single `AutoScalingGroup`:
 
 ```ts
 new autoscaling.AutoScalingGroup(stack, 'ASG', {
-  disableImdsv1: true,
+  requireImdsv2: true,
   // ...
 });
 ```
 
-You can also use `AutoScalingGroupImdsAspect` to apply the operation to multiple AutoScalingGroups.
-The example below demonstrates the `AutoScalingGroupImdsAspect` being used to disable IMDSv1 for all AutoScalingGroups in a stack:
+You can also use `AutoScalingGroupRequireImdsv2Aspect` to apply the operation to multiple AutoScalingGroups.
+The example below demonstrates the `AutoScalingGroupRequireImdsv2Aspect` being used to require IMDSv2 for all AutoScalingGroups in a stack:
 
 ```ts
-const aspect = new autoscaling.AutoScalingGroupImdsAspect({
-  enableImdsV1: false,
-});
+const aspect = new autoscaling.AutoScalingGroupRequireImdsv2Aspect();
 
 Aspects.of(stack).add(aspect);
 ```

packages/@aws-cdk/aws-autoscaling/lib/aspects/index.ts

@@ -1 +1 @@
-export * from './imds-aspect';
+export * from './require-imdsv2-aspect';

packages/@aws-cdk/aws-autoscaling/lib/aspects/require-imdsv2-aspect.ts

@@ -0,0 +1,38 @@
+import * as cdk from '@aws-cdk/core';
+import { AutoScalingGroup } from '../auto-scaling-group';
+import { CfnLaunchConfiguration } from '../autoscaling.generated';
+
+/**
+ * Aspect that makes IMDSv2 required on instances deployed by AutoScalingGroups.
+ */
+export class AutoScalingGroupRequireImdsv2Aspect implements cdk.IAspect {
+  constructor() {
+  }
+
+  public visit(node: cdk.IConstruct): void {
+    if (!(node instanceof AutoScalingGroup)) {
+      return;
+    }
+
+    const launchConfig = node.node.tryFindChild('LaunchConfig') as CfnLaunchConfiguration;
+    if (cdk.isResolvableObject(launchConfig.metadataOptions)) {
+      this.warn(node, 'CfnLaunchConfiguration.MetadataOptions field is a CDK token.');
+      return;
+    }
+
+    launchConfig.metadataOptions = {
+      ...launchConfig.metadataOptions,
+      httpTokens: 'required',
+    };
+  }
+
+  /**
+   * Adds a warning annotation to a node.
+   *
+   * @param node The scope to add the warning to.
+   * @param message The warning message.
+   */
+  protected warn(node: cdk.IConstruct, message: string) {
+    cdk.Annotations.of(node).addWarning(`${AutoScalingGroupRequireImdsv2Aspect.name} failed on node ${node.node.id}: ${message}`);
+  }
+}

packages/@aws-cdk/aws-autoscaling/lib/auto-scaling-group.ts

@@ -15,7 +15,7 @@ import {
   Tokenization, withResolved,
 } from '@aws-cdk/core';
 import { Construct } from 'constructs';
-import { AutoScalingGroupImdsAspect } from './aspects';
+import { AutoScalingGroupRequireImdsv2Aspect } from './aspects';
 import { CfnAutoScalingGroup, CfnAutoScalingGroupProps, CfnLaunchConfiguration } from './autoscaling.generated';
 import { BasicLifecycleHookProps, LifecycleHook } from './lifecycle-hook';
 import { BasicScheduledActionProps, ScheduledAction } from './scheduled-action';
@@ -388,11 +388,11 @@ export interface AutoScalingGroupProps extends CommonAutoScalingGroupProps {
   readonly initOptions?: ApplyCloudFormationInitOptions;
 
   /**
-   * Whether IMDSv1 should be disabled on launched instances.
+   * Whether IMDSv2 should be required on launched instances.
    *
    * @default - false
    */
-  readonly disableImdsv1?: boolean;
+  readonly requireImdsv2?: boolean;
 }
 
 /**
@@ -1075,8 +1075,8 @@ export class AutoScalingGroup extends AutoScalingGroupBase implements
 
     this.spotPrice = props.spotPrice;
 
-    if (props.disableImdsv1 === true) {
-      Aspects.of(this).add(new AutoScalingGroupImdsAspect({ enableImdsV1: false }));
+    if (props.requireImdsv2) {
+      Aspects.of(this).add(new AutoScalingGroupRequireImdsv2Aspect());
     }
   }
 

packages/@aws-cdk/aws-autoscaling/test/aspects/require-imdsv2-aspect.test.ts

@@ -0,0 +1,79 @@
+import {
+  expect as expectCDK,
+  haveResourceLike,
+} from '@aws-cdk/assert-internal';
+import '@aws-cdk/assert-internal/jest';
+import * as ec2 from '@aws-cdk/aws-ec2';
+import * as cdk from '@aws-cdk/core';
+import {
+  AutoScalingGroup,
+  AutoScalingGroupRequireImdsv2Aspect,
+  CfnLaunchConfiguration,
+} from '../../lib';
+
+describe('AutoScalingGroupRequireImdsv2Aspect', () => {
+  let app: cdk.App;
+  let stack: cdk.Stack;
+  let vpc: ec2.Vpc;
+
+  beforeEach(() => {
+    app = new cdk.App();
+    stack = new cdk.Stack(app, 'Stack');
+    vpc = new ec2.Vpc(stack, 'Vpc');
+  });
+
+  test('warns when metadataOptions is a token', () => {
+    // GIVEN
+    const asg = new AutoScalingGroup(stack, 'AutoScalingGroup', {
+      vpc,
+      instanceType: new ec2.InstanceType('t2.micro'),
+      machineImage: ec2.MachineImage.latestAmazonLinux(),
+    });
+    const launchConfig = asg.node.tryFindChild('LaunchConfig') as CfnLaunchConfiguration;
+    launchConfig.metadataOptions = fakeToken();
+    const aspect = new AutoScalingGroupRequireImdsv2Aspect();
+
+    // WHEN
+    cdk.Aspects.of(stack).add(aspect);
+
+    // THEN
+    expectCDK(stack).notTo(haveResourceLike('AWS::AutoScaling::LaunchConfiguration', {
+      MetadataOptions: {
+        HttpTokens: 'required',
+      },
+    }));
+    expect(asg.node.metadataEntry).toContainEqual({
+      data: expect.stringContaining('CfnLaunchConfiguration.MetadataOptions field is a CDK token.'),
+      type: 'aws:cdk:warning',
+      trace: undefined,
+    });
+  });
+
+  test('requires IMDSv2', () => {
+    // GIVEN
+    new AutoScalingGroup(stack, 'AutoScalingGroup', {
+      vpc,
+      instanceType: new ec2.InstanceType('t2.micro'),
+      machineImage: ec2.MachineImage.latestAmazonLinux(),
+    });
+    const aspect = new AutoScalingGroupRequireImdsv2Aspect();
+
+    // WHEN
+    cdk.Aspects.of(stack).add(aspect);
+
+    // THEN
+    expectCDK(stack).to(haveResourceLike('AWS::AutoScaling::LaunchConfiguration', {
+      MetadataOptions: {
+        HttpTokens: 'required',
+      },
+    }));
+  });
+});
+
+function fakeToken(): cdk.IResolvable {
+  return {
+    creationStack: [],
+    resolve: (_c) => {},
+    toString: () => '',
+  };
+}

packages/@aws-cdk/aws-autoscaling/test/auto-scaling-group.test.ts

@@ -1365,7 +1365,7 @@ describe('auto scaling group', () => {
 
   });
 
-  test('disables imdsv1', () => {
+  test('requires imdsv2', () => {
     // GIVEN
     const stack = new cdk.Stack();
     const vpc = mockVpc(stack);
@@ -1375,7 +1375,7 @@ describe('auto scaling group', () => {
       vpc,
       instanceType: new ec2.InstanceType('t2.micro'),
       machineImage: ec2.MachineImage.latestAmazonLinux(),
-      disableImdsv1: true,
+      requireImdsv2: true,
     });
 
     // THEN