Bug ID 968657: Added support for IMDSv2 on AWS

Last Modified: Nov 07, 2022

Affected Product:
BIG-IP All (all modules)

Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 16.1.0, 16.1.1, 16.1.2

Fixed In:
17.0.0, 16.1.2.1, 15.1.5.1

Opened: Dec 01, 2020
Severity: 3-Major

Symptoms

AWS added a token-based Instance Metadata Service API (IMDSv2). Prior versions of BIG-IP Virtual Edition supported only the request/response method (IMDSv1). On an AWS instance started with IMDSv2, a get_dossier call on the command line fails with:

01170003:3: halGetDossier returned error (1): Dossier generation failed.

This latest version of BIG-IP Virtual Edition now supports instances started with IMDSv2.

Impact

BIG-IP Virtual Edition cannot license or re-license AWS instances started with IMDSv2, and other metadata-based functionality does not work.

Conditions

AWS instances started with IMDSv2.

Workaround

None

Fix Information

With the latest version of BIG-IP VE, you can now initialize "IMDSv2 only" instances in AWS and migrate your existing instances to "IMDSv2 only" using aws-cli commands.

For details, consult the F5 documentation: https://clouddocs.f5.com/cloud/public/v1/shared/aws-ha-IAM.html#check-the-metadata-service-for-iam-role
IMDSv2 documentation from AWS: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html
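A pre-migration check for the step above, as an added example (not F5 or AWS code): it reads `aws ec2 describe-instances` output and marks which BIG-IP VE instances can be switched to "IMDSv2 only", using the Fixed In releases listed in this report. The `bigip-version` tag, the sample instance IDs, and the treatment of branches not listed in this report are assumptions of the example.

```python
import json

# Fixed-in releases from this bug report, keyed by (major, minor) branch.
FIXED_IN = {(15, 1): (15, 1, 5, 1), (16, 1): (16, 1, 2, 1), (17, 0): (17, 0, 0, 0)}
VERSION_TAG = "bigip-version"  # hypothetical tag name, an assumption of this example

def supports_imdsv2(version):
    """True if the BIG-IP version string is at or past the fix for its branch."""
    v = tuple(int(p) for p in version.split("."))
    v += (0,) * (4 - len(v))  # pad 15.1.5 -> (15, 1, 5, 0)
    fixed = FIXED_IN.get(v[:2])
    if fixed is None:
        # Assumption: branches after 17.0 carry the fix; other unlisted ones do not.
        return v[:2] > (17, 0)
    return v >= fixed

def plan(describe_instances_json):
    """Return {instance_id: (status, aws_cli_command_or_None)}."""
    result = {}
    for res in json.loads(describe_instances_json)["Reservations"]:
        for inst in res["Instances"]:
            iid = inst["InstanceId"]
            tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
            tokens = inst.get("MetadataOptions", {}).get("HttpTokens", "optional")
            version = tags.get(VERSION_TAG)
            if version is None:
                result[iid] = ("unknown-version", None)
            elif not supports_imdsv2(version):
                # Already IMDSv2-only on an unfixed release: licensing fails.
                status = "affected" if tokens == "required" else "upgrade-first"
                result[iid] = (status, None)
            elif tokens == "required":
                result[iid] = ("imdsv2-only", None)
            else:
                cmd = ("aws ec2 modify-instance-metadata-options "
                       f"--instance-id {iid} --http-tokens required --http-endpoint enabled")
                result[iid] = ("ready", cmd)
    return result

# Constructed sample in the shape of `aws ec2 describe-instances` output.
SAMPLE = json.dumps({"Reservations": [{"Instances": [
    {"InstanceId": "i-0aaa", "MetadataOptions": {"HttpTokens": "optional"},
     "Tags": [{"Key": VERSION_TAG, "Value": "15.1.5.1"}]},
    {"InstanceId": "i-0bbb", "MetadataOptions": {"HttpTokens": "required"},
     "Tags": [{"Key": VERSION_TAG, "Value": "16.1.2"}]},
    {"InstanceId": "i-0ccc", "MetadataOptions": {"HttpTokens": "optional"},
     "Tags": [{"Key": VERSION_TAG, "Value": "15.1.4.1"}]},
]}]})
```

Instances reported as "upgrade-first" should be moved to a Fixed In release before `--http-tokens required` is applied, since this report lists no workaround for unfixed versions.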

Behavior Change