Added support for new command line parameter --disable-imds-v1 to disable IMDSv1 for Elastic BeanStalk environments.

ashishdhingra · ashishdhingra · commit d9670b00095d · 2024-07-02T10:34:04.000-07:00
diff --git a/src/Amazon.ElasticBeanstalk.Tools/Amazon.ElasticBeanstalk.Tools.csproj b/src/Amazon.ElasticBeanstalk.Tools/Amazon.ElasticBeanstalk.Tools.csproj
@@ -10,7 +10,7 @@
     <PackAsTool>true</PackAsTool>
     <ToolCommandName>dotnet-eb</ToolCommandName>
     <GeneratePackageOnBuild>true</GeneratePackageOnBuild>
-    <Version>4.3.4</Version>
+    <Version>4.4.0</Version>
     <AssemblyName>dotnet-eb</AssemblyName>
     <Authors>Amazon Web Services</Authors>
     <Copyright>Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.</Copyright>
diff --git a/src/Amazon.ElasticBeanstalk.Tools/Commands/CommandProperties.cs b/src/Amazon.ElasticBeanstalk.Tools/Commands/CommandProperties.cs
@@ -19,6 +19,7 @@ public class DeployEnvironmentProperties
         public string IISWebSite { get; set; }
         public bool? WaitForUpdate { get; set; }
         public bool? EnableXRay { get; set; }
+        public bool? DisableIMDSv1 { get; set; }
         public Dictionary<string,string> Tags { get; set; }
         public Dictionary<string, string> AdditionalOptions { get; set; }
 
@@ -92,6 +93,8 @@ internal void ParseCommandArguments(CommandOptions values)
                 this.LoadBalancerType = tuple.Item2.StringValue;
             if ((tuple = values.FindCommandOption(EBDefinedCommandOptions.ARGUMENT_ENABLE_STICKY_SESSIONS.Switch)) != null)
                 this.EnableStickySessions = tuple.Item2.BoolValue;
+            if ((tuple = values.FindCommandOption(EBDefinedCommandOptions.ARGUMENT_DISABLE_IMDS_V1.Switch)) != null)
+                this.DisableIMDSv1 = tuple.Item2.BoolValue;
 
             if ((tuple = values.FindCommandOption(EBDefinedCommandOptions.ARGUMENT_PROXY_SERVER.Switch)) != null)
                 this.ProxyServer = tuple.Item2.StringValue;
@@ -119,6 +122,7 @@ internal void PersistSettings(EBBaseCommand command, JsonData data)
             data.SetIfNotNull(EBDefinedCommandOptions.ARGUMENT_ENVIRONMENT_TYPE.ConfigFileKey, command.GetStringValueOrDefault(this.EnvironmentType, EBDefinedCommandOptions.ARGUMENT_ENVIRONMENT_TYPE, false));
             data.SetIfNotNull(EBDefinedCommandOptions.ARGUMENT_LOADBALANCER_TYPE.ConfigFileKey, command.GetStringValueOrDefault(this.LoadBalancerType, EBDefinedCommandOptions.ARGUMENT_LOADBALANCER_TYPE, false));
             data.SetIfNotNull(EBDefinedCommandOptions.ARGUMENT_ENABLE_STICKY_SESSIONS.ConfigFileKey, command.GetBoolValueOrDefault(this.EnableStickySessions, EBDefinedCommandOptions.ARGUMENT_ENABLE_STICKY_SESSIONS, false));
+            data.SetIfNotNull(EBDefinedCommandOptions.ARGUMENT_DISABLE_IMDS_V1.ConfigFileKey, command.GetBoolValueOrDefault(this.DisableIMDSv1, EBDefinedCommandOptions.ARGUMENT_DISABLE_IMDS_V1, false));
             data.SetIfNotNull(EBDefinedCommandOptions.ARGUMENT_CNAME_PREFIX.ConfigFileKey, command.GetStringValueOrDefault(this.CNamePrefix, EBDefinedCommandOptions.ARGUMENT_CNAME_PREFIX, false));
             data.SetIfNotNull(EBDefinedCommandOptions.ARGUMENT_INSTANCE_TYPE.ConfigFileKey, command.GetStringValueOrDefault(this.InstanceType, EBDefinedCommandOptions.ARGUMENT_INSTANCE_TYPE, false));
             data.SetIfNotNull(EBDefinedCommandOptions.ARGUMENT_EC2_KEYPAIR.ConfigFileKey, command.GetStringValueOrDefault(this.EC2KeyPair, EBDefinedCommandOptions.ARGUMENT_EC2_KEYPAIR, false));
diff --git a/src/Amazon.ElasticBeanstalk.Tools/Commands/DeployEnvironmentCommand.cs b/src/Amazon.ElasticBeanstalk.Tools/Commands/DeployEnvironmentCommand.cs
@@ -40,6 +40,7 @@ public class DeployEnvironmentCommand : EBBaseCommand
             EBDefinedCommandOptions.ARGUMENT_INSTANCE_TYPE,
             EBDefinedCommandOptions.ARGUMENT_HEALTH_CHECK_URL,
             EBDefinedCommandOptions.ARGUMENT_ENABLE_XRAY,
+            EBDefinedCommandOptions.ARGUMENT_DISABLE_IMDS_V1,
             EBDefinedCommandOptions.ARGUMENT_ENHANCED_HEALTH_TYPE,
             EBDefinedCommandOptions.ARGUMENT_INSTANCE_PROFILE,
             EBDefinedCommandOptions.ARGUMENT_SERVICE_ROLE,
@@ -59,6 +60,9 @@ public class DeployEnvironmentCommand : EBBaseCommand
         const string OPTIONS_NAME_PROXY_SERVER = "ProxyServer";
         const string OPTIONS_NAME_APPLICATION_PORT = "PORT";
 
+        const string OPTIONS_NAMESPACE_DISABLE_IMDS_V1 = "aws:autoscaling:launchconfiguration";
+        const string OPTIONS_NAME_DISABLE_IMDS_V1 = "DisableIMDSv1";
+
         public string Package { get; set; }
 
         public DeployEnvironmentProperties DeployEnvironmentOptions { get; } = new DeployEnvironmentProperties();
@@ -415,7 +419,6 @@ private async Task<string> CreateEnvironment(string application, string environm
                     Value = loadBalancerType
                 });
             }
-           
 
             AddAdditionalOptions(createRequest.OptionSettings, true, isWindowsEnvironment);
 
@@ -456,6 +459,26 @@ private void AddAdditionalOptions(IList<ConfigurationOptionSetting> settings, bo
                 }
             }
 
+            var disableIMDSv1 = this.GetBoolValueOrDefault(this.DeployEnvironmentOptions.DisableIMDSv1, EBDefinedCommandOptions.ARGUMENT_DISABLE_IMDS_V1, false);
+            if (disableIMDSv1.HasValue)
+            {
+                var existingSetting = settings.FirstOrDefault(s => s.Namespace == OPTIONS_NAMESPACE_DISABLE_IMDS_V1 && s.OptionName == OPTIONS_NAME_DISABLE_IMDS_V1);
+
+                if (existingSetting != null)
+                {
+                    existingSetting.Value = disableIMDSv1.Value.ToString(CultureInfo.InvariantCulture).ToLowerInvariant();
+                }
+                else
+                {
+                    settings.Add(new ConfigurationOptionSetting()
+                    {
+                        Namespace = OPTIONS_NAMESPACE_DISABLE_IMDS_V1,
+                        OptionName = OPTIONS_NAME_DISABLE_IMDS_V1,
+                        Value = disableIMDSv1.Value.ToString(CultureInfo.InvariantCulture).ToLowerInvariant()
+                    });
+                }
+            }
+
             var enableXRay = this.GetBoolValueOrDefault(this.DeployEnvironmentOptions.EnableXRay, EBDefinedCommandOptions.ARGUMENT_ENABLE_XRAY, false);
             if(enableXRay.HasValue)
             {
diff --git a/src/Amazon.ElasticBeanstalk.Tools/EBDefinedCommandOptions.cs b/src/Amazon.ElasticBeanstalk.Tools/EBDefinedCommandOptions.cs
@@ -205,5 +205,14 @@ public class EBDefinedCommandOptions
                 ValueType = CommandOption.CommandOptionValueType.IntValue,
                 Description = $"The application port that will be redirect to port 80. The default is port {EBConstants.DEFAULT_APPLICATION_PORT}."
             };
+
+        public static readonly CommandOption ARGUMENT_DISABLE_IMDS_V1 =
+            new CommandOption
+            {
+                Name = "Disable IMDSv1",
+                Switch = "--disable-imds-v1",
+                ValueType = CommandOption.CommandOptionValueType.BoolValue,
+                Description = "If set to true then the IMDSv1 will be disabled on EC2 instances running the application."
+            };
     }
 }
