Bug#954363: cloud-init fails to obtain an IMDS API token on Amazon EC2

[Noah Meyerhans]

Package: cloud-init
Version: 20.1-1
Severity: important

Cloud-init 20.1 attempts to obtain an API token for use with Amazon EC2
instance metadata service (IMDS).  On EC2, this operation should always
succeed, whether using IMDSv1 or v2, and cloud-init will always access
IMDS in v2 mode.  However, this fails on EC2:

2020-03-20 18:25:10,331 - DataSourceEc2.py[DEBUG]: Fetching Ec2 IMDSv2 API Token
2020-03-20 18:25:10,332 - url_helper.py[DEBUG]: [0/1] open 
'http://169.254.169.254/latest/api/token' with {'url': 
'http://169.254.169.254/latest/api/token', 'allow_redirects': True, 'method': 
'PUT', 'timeout': 1.0, 'headers': {'User-Agent': 'Cloud-Init/20.1', 
'X-aws-ec2-metadata-token-ttl-seconds': 'REDACTED'}} configuration
2020-03-20 18:25:10,336 - url_helper.py[DEBUG]: Read from 
http://169.254.169.254/latest/api/token (400, 0b) after 1 attempts
2020-03-20 18:25:10,336 - DataSourceEc2.py[WARNING]: Calling 
'http://169.254.169.254/latest/api/token' failed [0/1s]: empty response [400]
2020-03-20 18:25:10,344 - url_helper.py[DEBUG]: Please wait 1 seconds while we 
wait to try again

With 20.1, cloud-init will fall back to using IMDSv1 in this case, but
this behavior will change in future versions, which will always use v2
mode (it is backwards-compatible with v1), and only use v1 mode for
compatibility with non-AWS services providing IMDS-compatible metadata
endpoints.

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.4.0-4-cloud-amd64 (SMP w/2 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 
(charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages cloud-init depends on:
ii  fdisk               2.34-0.1
ii  gdisk               1.0.5-1
ii  ifupdown            0.8.35+b1
ii  locales             2.30-2
ii  lsb-base            11.1.0
ii  lsb-release         11.1.0
ii  net-tools           1.60+git20180626.aebd88e-1
ii  procps              2:3.3.16-4
ii  python3             3.8.2-1
ii  python3-configobj   5.0.6-3
ii  python3-jinja2      2.10.1-2
ii  python3-jsonpatch   1.23-3
ii  python3-jsonschema  3.0.2-4
ii  python3-oauthlib    3.1.0-1
ii  python3-requests    2.22.0-2
ii  python3-six         1.14.0-2
ii  python3-yaml        5.3.1-1
ii  util-linux          2.34-0.1

Versions of packages cloud-init recommends:
ii  cloud-guest-utils  0.31-1
pn  eatmydata          <none>
ii  sudo               1.8.31-1

Versions of packages cloud-init suggests:
pn  btrfs-progs  <none>
ii  e2fsprogs    1.45.5-2
pn  xfsprogs     <none>

-- debconf information:
* cloud-init/datasources:        Ec2