Connect timeout getting IMDSv2 token

0

My app is running on the latest Elastic Beanstalk Tomcat 10.1/Corretto 17 platform. Recently an API call failed because the PUT request to get the IMDSv2 token endpoint failed with a connect timeout. The request was retried a number of times but the timeout error continued to happen.

How can this happen? Surely http://169.254.169.254/latest/api/token should always be available?

I've also seen 503 errors connecting to the metadata service. I'm making calls relatively infrequently (around 1 per minute) so can't see how query throttling could be happening.

asked 2 years ago, 1.6K views
2 Answers
0

The following bullet under Considerations in the EC2 User Guide might be helpful in your case:

In a container environment, set the hop limit to 2

The AWS SDKs use IMDSv2 calls by default. If the IMDSv2 call receives no response, the SDK retries the call and, if still unsuccessful, uses IMDSv1. This can result in a delay, especially in a container environment. In a container environment, if the hop limit is 1, the IMDSv2 response does not return because going to the container is considered an additional network hop. To avoid the process of falling back to IMDSv1 and the resultant delay, in a container environment we recommend that you set the hop limit to 2. For more information, see Configure the instance metadata options.

AWS
answered 2 years ago
0

I'm not using the SDK here, just making direct HTTP calls to

http://169.254.169.254/latest/api/token

so I'm not sure the hop count is relevant.

answered 2 years ago
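
For callers that make direct HTTP requests to the token endpoint as described in this thread, the sketch below caches one IMDSv2 token for its lifetime, retries connect timeouts and 503 responses with exponential backoff, and keeps serving a still-valid token when a refresh fails. It is an added example, not code from either poster or from AWS; `put_token` and `ImdsTokenCache` are hypothetical names, and the 60-second refresh margin, 1-second timeout and backoff values are assumptions.

```python
import time
import urllib.error
import urllib.request

TOKEN_URL = "http://169.254.169.254/latest/api/token"
TTL_HEADER = "X-aws-ec2-metadata-token-ttl-seconds"


def put_token(ttl, timeout=1.0):
    """Real transport: PUT to the token endpoint and return the token string."""
    req = urllib.request.Request(TOKEN_URL, method="PUT",
                                 headers={TTL_HEADER: str(ttl)})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode()


class ImdsTokenCache:
    """Hypothetical helper: one PUT per token lifetime instead of one per call."""

    def __init__(self, fetch=put_token, ttl=21600, attempts=4,
                 clock=time.monotonic, sleep=time.sleep):
        self.fetch, self.ttl, self.attempts = fetch, ttl, attempts
        self.clock, self.sleep = clock, sleep
        self.token, self.expires = None, 0.0

    def get(self):
        if self.token and self.clock() < self.expires - 60:
            return self.token                      # still fresh, no network call
        last = None
        for attempt in range(self.attempts):
            try:
                started = self.clock()             # count the TTL from before the PUT
                token = self.fetch(self.ttl)
                self.token, self.expires = token, started + self.ttl
                return token
            except OSError as exc:                 # timeouts, URLError, HTTPError
                if isinstance(exc, urllib.error.HTTPError) and exc.code != 503:
                    raise                          # other HTTP errors: do not retry
                last = exc
                self.sleep(min(0.2 * 2 ** attempt, 2.0))   # exponential backoff
        if self.token and self.clock() < self.expires:
            return self.token                      # refresh failed, old token still valid
        raise RuntimeError("IMDSv2 token unavailable; check the hop limit and "
                           "that the metadata endpoint is enabled") from last
```

The token returned by `get()` goes in the `X-aws-ec2-metadata-token` header of each metadata request; the `fetch`, `clock` and `sleep` parameters exist so the retry logic can be exercised without a live instance.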
