Possibility to reduce the number of IMDSv2 token calls? #627
-
Hello everyone. I recently published my first public Rust program and I'm using the AWS SDK. I'm using IMDSv2 to get:
Each one of these perform a call to get an IMDSv2 token. They should be able to use the same one (which is what I would have done in an equivalent bash script, for example). Is it possible to somehow supply a token manually? If there isn't, can such a feature be added? And I don't think it is possible to retrieve the cached token from one of the requests above, which would be needed to pass it on. Here's an issue I filed for myself that has links to the code snippets in my repository: stefansundin/bottlerocket-bootstrap-associate-eip#1. Here's some of the code I use: let region_provider = aws_config::imds::region::ImdsRegionProvider::builder().build();
let region = region_provider.region().await;
let imds_client = aws_config::imds::client::Client::builder()
.build()
.await
.expect("could not initialize the IMDS client");
let instance_id = imds_client
.get("/latest/meta-data/instance-id")
.await
.expect("could not get the instance ID from IMDS");
let shared_config = aws_config::from_env()
.credentials_provider(aws_config::imds::credentials::ImdsCredentialsProvider::builder().build())
.region(region)
.load()
.await;
let ec2_client = aws_sdk_ec2::Client::new(&shared_config); Check out version 0.1.0 of the program for simpler code (just 59 lines) than version 0.2.0: https://github.com/stefansundin/bottlerocket-bootstrap-associate-eip/blob/v0.1.0/src/main.rs Thank you! |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 3 replies
-
I think the reason it's not caching is because each individual IMDS Note: the |
Beta Was this translation helpful? Give feedback.
-
Hello! Reopening this discussion to make it searchable. |
Beta Was this translation helpful? Give feedback.
I think the reason it's not caching is because each individual IMDS
Client
maintains its own token cache. You can construct the IMDS client once, and then pass it into theImdsRegionProvider
andImdsCredentialsProvider
builders.Note: the
aws-config
defaults already use IMDS to retrieve region and credentials, so this extra configuration code isn't necessary unless you're trying to prohibit other methods of discovering them.