HttpTokens

class aws_cdk.aws_ec2.HttpTokens(*values)

Bases: Enum

The state of token usage for your instance metadata requests.

See:

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance-metadataoptions.html#cfn-ec2-instance-metadataoptions-httptokens

ExampleMetadata:

infused

Example:

# vpc: ec2.Vpc
# instance_type: ec2.InstanceType
# machine_image: ec2.IMachineImage


# Example 1: Enforce IMDSv2 with comprehensive options
ec2.Instance(self, "Instance",
    vpc=vpc,
    instance_type=instance_type,
    machine_image=machine_image,
    http_endpoint=True,
    http_protocol_ipv6=False,
    http_put_response_hop_limit=2,
    http_tokens=ec2.HttpTokens.REQUIRED,
    instance_metadata_tags=True
)

# Example 2: Enforce IMDSv2 with minimal configuration
ec2.Instance(self, "SecureInstance",
    vpc=vpc,
    instance_type=instance_type,
    machine_image=machine_image,
    http_tokens=ec2.HttpTokens.REQUIRED
)

Attributes

OPTIONAL

If the state is optional, you can choose to retrieve instance metadata with or without a signed token header on your request.

REQUIRED

If the state is required, you must send a signed token header with any instance metadata retrieval requests.

In this state, retrieving the IAM role credentials always returns the version 2.0 credentials; the version 1.0 credentials are not available.