Posted On: Mar 30, 2021
Amazon EMR now supports Amazon EC2 Instance Metadata Service (IMDS) v2, in addition to v1, for all IMDS calls to EMR clusters. Instance metadata is data about your instance that you can use to configure or manage the running instance. IMDSv1 is fully secure and AWS will continue to support it. But IMDSv2 adds new “belt and suspenders” protections for four types of vulnerabilities that could be used to try to access the IMDS. For more information, please read the
AWS Security blogpost.
From EMR 5.32 and 6.2 onward, Amazon EMR components use IMDSv2 for all IMDS calls. For IMDS calls in your application code, you can use both IMDSv1 and IMDSv2, or configure the IMDS to use only IMDSv2 for added security. For IMDSv2, you can change the default response hop limit (time to live) of the PUT request, default is set to 1, based on your requirements. These features are also available in EMR point releases 5.27.1 and 5.23.1.