DEVOPS-5728 | Make IMDSv2 required in this module (#11)

jourdan-west · web-flow · commit 29c4e70a7094 · 2025-04-21T15:52:23.000-05:00
diff --git a/README.md b/README.md
@@ -40,7 +40,6 @@ and also serves as a unique key for re-use.
 addresses with instances managed by the auto scaling group.
 * `ebs_optimized` - (Default: **false**) Flag to enable Elastic Block Storage
 (EBS) optimization.
-* `enable_imdsv2` - (Default: false) Flag to enforce Instance Metadata Service IMDSv2.
 * `enable_monitoring` - (Optional) Flag to enable detailed monitoring.
 * `instance_based_naming_enabled` - (Optional) Flag to enable dynamic name tags
 on instances. The default format is **stack_item_label-instance-id**. Requires
diff --git a/group/lt/main.tf b/group/lt/main.tf
@@ -64,16 +64,10 @@ resource "aws_launch_template" "lt" {
     }
   }
 
-  # Replace with a simple "metadata_options" block when rolling out to Prod.
-  # This ensures we don't introduce drift to Prod in the meantime.
-  dynamic "metadata_options" {
-    for_each = var.enable_imdsv2 ? [1] : []
-
-    content {
-      http_endpoint               = "enabled"
-      http_tokens                 = "required"
-      http_put_response_hop_limit = 2
-    }
+  metadata_options {
+    http_endpoint               = "enabled"
+    http_tokens                 = "required"
+    http_put_response_hop_limit = 1
   }
 
   instance_type = var.instance_type
diff --git a/group/lt/variables.tf b/group/lt/variables.tf
@@ -1,12 +1,6 @@
 # Input Variables
 
 ## Resource tags
-#Remove this var when rolling out IMDSv2 to Prod
-variable "enable_imdsv2" {
-  type    = bool
-  default = false
-}
-
 variable "stack_item_fullname" {
   type = string
 }
diff --git a/group/main.tf b/group/main.tf
@@ -75,7 +75,6 @@ module "lt" {
   ebs_vol_size                = var.ebs_vol_size
   ebs_vol_snapshot_id         = var.ebs_vol_snapshot_id
   ebs_vol_type                = var.ebs_vol_type
-  enable_imdsv2               = var.enable_imdsv2
   enable_monitoring           = var.enable_monitoring
   instance_market_options     = local.instance_market_options
   instance_profile            = var.instance_profile
diff --git a/group/variables.tf b/group/variables.tf
@@ -1,12 +1,6 @@
 # Input Variables
 
 ## Resource tags
-#Remove this var when rolling out IMDSv2 to Prod
-variable "enable_imdsv2" {
-  type    = bool
-  default = false
-}
-
 variable "stack_item_fullname" {
   type        = string
   description = "Long form descriptive name for this stack item. This value is used to create the 'application' resource tag for resources created by this stack item."

Original file line number	Diff line number	Diff line change
`@@ -64,16 +64,10 @@ resource "aws_launch_template" "lt" {`
`64`	`64`	`}`
`65`	`65`	`}`
`66`	`66`
`67`		`- # Replace with a simple "metadata_options" block when rolling out to Prod.`
`68`		`- # This ensures we don't introduce drift to Prod in the meantime.`
`69`		`- dynamic "metadata_options" {`
`70`		`- for_each = var.enable_imdsv2 ? [1] : []`
`71`		`-`
`72`		`- content {`
`73`		`- http_endpoint = "enabled"`
`74`		`- http_tokens = "required"`
`75`		`- http_put_response_hop_limit = 2`
`76`		`- }`
	`67`	`+ metadata_options {`
	`68`	`+ http_endpoint = "enabled"`
	`69`	`+ http_tokens = "required"`
	`70`	`+ http_put_response_hop_limit = 1`
`77`	`71`	`}`
`78`	`72`
`79`	`73`	`instance_type = var.instance_type`