1 個回答
- 最新
- 最多得票
- 最多評論
0
Finally figured it out. There are iptables rules on parallel-cluster
$ sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N PARALLELCLUSTER_IMDS
-A OUTPUT -d 169.254.169.254/32 -j PARALLELCLUSTER_IMDS
-A OUTPUT -d 169.254.169.254/32 -m owner --uid-owner 129 -j ACCEPT
-A PARALLELCLUSTER_IMDS -d 169.254.169.254/32 -m owner --uid-owner 0 -j ACCEPT
-A PARALLELCLUSTER_IMDS -d 169.254.169.254/32 -m owner --uid-owner 400 -j ACCEPT
-A PARALLELCLUSTER_IMDS -d 169.254.169.254/32 -m owner --uid-owner 1000 -j ACCEPT
-A PARALLELCLUSTER_IMDS -d 169.254.169.254/32 -j REJECT --reject-with icmp-port-unreachable
This blocks the ec2-instance-connect user from accessing the meta-data
已回答 2 年前
相關內容
- 已提問 6 個月前
- 已提問 6 個月前
- 已提問 1 年前
- AWS 官方已更新 3 年前
- AWS 官方已更新 1 年前