protect AWS CF deployments by automatically blocking metadata URL (#578)

Timothy Carambat 2024-01-11 18:37:00 -08:00 committed by GitHub
parent 1563a1b20f
commit b2b2c2afe1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -82,7 +82,8 @@
"\n", "\n",
"#!/bin/bash\n", "#!/bin/bash\n",
"# check output of userdata script with sudo tail -f /var/log/cloud-init-output.log\n", "# check output of userdata script with sudo tail -f /var/log/cloud-init-output.log\n",
"sudo yum install docker -y\n", "sudo yum install docker iptables -y\n",
"sudo iptables -A OUTPUT -m owner ! --uid-owner root -d 169.254.169.254 -j DROP\n",
"sudo systemctl enable docker\n", "sudo systemctl enable docker\n",
"sudo systemctl start docker\n", "sudo systemctl start docker\n",
"mkdir -p /home/ec2-user/anythingllm\n", "mkdir -p /home/ec2-user/anythingllm\n",
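Review bot: The added `iptables -A OUTPUT -m owner ! --uid-owner root -d 169.254.169.254 -j DROP` line only matches packets generated by processes on the host, so traffic from a container on Docker's default bridge network is forwarded instead of passing through OUTPUT and would still reach the metadata endpoint. The `docker run` line is outside this hunk, so I can't confirm whether the app uses bridge or host networking; if it is bridge, add a rule after `systemctl start docker`, such as `sudo iptables -I DOCKER-USER -d 169.254.169.254 -j DROP`. The rule is also never saved, and user data normally runs only on first boot, so it would likely be lost after a reboot. Requiring IMDSv2 with a hop limit of 1 in the instance's metadata options would add a control that does not depend on host firewall state.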