
Technically, shouldn't. But in AWS' documentation for container roles, they have a note that explicitly suggests implementing an iptables rule (and even provides the iptables command) to prevent access to the instance's metadata.


That said, this is another of those "more ink should be spilled" moments, since preventing access to the instance metadata is something that you SHOULD do from a security point of view.
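The kind of iptables rule the comment refers to, plus a check that the rule is actually in effect, as an added example that is not part of this thread or of AWS's documentation. It assumes the EC2 metadata address 169.254.169.254 and Docker's `docker+` interface pattern; the exact command in the AWS docs may differ, and the sample chain dumps are constructed.

```python
# Assumed values (not from the thread): the EC2 instance metadata address
# and the interface glob Docker bridge interfaces match on.
METADATA_CIDR = "169.254.169.254/32"
DOCKER_IFACE = "docker+"


def metadata_block_rule(chain="FORWARD"):
    """argv that inserts a DROP for container traffic to the metadata service."""
    return ["iptables", "--insert", chain, "1",
            "--in-interface", DOCKER_IFACE,
            "--destination", METADATA_CIDR, "--jump", "DROP"]


def _parse_opts(tokens):
    """Turn '-d 1.2.3.4/32 -i docker+ ! -o docker0 -j DROP' into a dict."""
    opts, i = {}, 0
    while i < len(tokens):
        flag = tokens[i]
        has_value = flag.startswith("-") and i + 1 < len(tokens) \
            and not tokens[i + 1].startswith("-")
        opts[flag] = tokens[i + 1] if has_value else True
        i += 2 if has_value else 1
    return opts


def audit_chain(rules_dump, chain="FORWARD"):
    """Inspect `iptables -S <chain>` output.

    Returns (present, effective): present means a DROP to the metadata address
    from a docker interface exists; effective means no earlier ACCEPT that could
    match container traffic precedes it (conservative: any ACCEPT without an
    input-interface restriction to a non-docker interface counts as shadowing).
    """
    seen_accept = False
    for line in rules_dump.splitlines():
        toks = line.split()
        if len(toks) < 2 or toks[0] != "-A" or toks[1] != chain:
            continue
        opts = _parse_opts(toks[2:])
        iface, dest, target = opts.get("-i"), opts.get("-d"), opts.get("-j")
        from_docker = isinstance(iface, str) and iface.startswith("docker")
        if target == "DROP" and dest == METADATA_CIDR and from_docker:
            return True, not seen_accept
        if target == "ACCEPT" and (iface is None or from_docker):
            seen_accept = True
    return False, False


# Constructed sample dumps: a correct chain and one where the DROP is shadowed.
GOOD_DUMP = """-P FORWARD DROP
-A FORWARD -d 169.254.169.254/32 -i docker+ -j DROP
-A FORWARD -j DOCKER-USER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
"""
SHADOWED_DUMP = """-P FORWARD DROP
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -d 169.254.169.254/32 -i docker+ -j DROP
"""
```

Run `audit_chain(subprocess.check_output(["iptables", "-S", "FORWARD"], text=True))` on a live host to verify the rule after applying it; a result of `(True, False)` means an earlier ACCEPT lets container traffic past the DROP.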

I don't recall Task Roles being a thing when I started using EC2 Container Service. For container security and isolation, that makes a whole lot of sense.
