Skip to content
This repository has been archived by the owner on Oct 14, 2020. It is now read-only.

Netflix-Skunkworks/aws-metadata-proxy

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
README.md
README.md
 
 
main.go
main.go
 
 

Repository files navigation

AWS Metadata Proxy

Example AWS Metadata proxy to protect against attack vectors targetting AWS Credentials

Getting Started

Clone the repo

git clone https://github.com/Netflix-Skunkworks/aws-metadata-proxy.git
cd aws-metadata-proxy

Build the proxy

go get
go build

Network Setup

Create an iptable rule that prevents talking directly to the AWS Metadata Service except for a particular user, proxy_user in the example below. This is the user you run the proxy as on your server.

/sbin/iptables -t nat -A OUTPUT -m owner ! --uid-owner proxy_user -d 169.254.169.254 -p tcp -m tcp --dport 80 -j DNAT --to-destination 127.0.0.1:9090

About

AWS Metadata Proxy for protection against SSRF

Resources

Readme
Activity
Custom properties

Stars

68 stars

Watchers

117 watching

Forks

19 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages