Hide Forgot
The version of cloud-init included with RHEL is older than 19.4 and as such it does not allow the use of session authentication. Limited impact as AWS still supports IMDS v1, however customer requests' it. Version-Release number of selected component (if applicable): 18.5 More info: - https://github.com/canonical/cloud-init/commit/4bc399e0cd0b7e9177f948aecd49f6b8323ff30b - https://github.com/canonical/cloud-init/blob/master/ChangeLog - https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/
*** Bug 1810704 has been marked as a duplicate of this bug. ***
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: cloud-init security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:3898