protect AWS CF deployments by automatically blocking metadata URL (#578)

b2b2c2af · Timothy Carambat · GitHub · 1563a1b2 · b2b2c2af
Unverified Commit b2b2c2af authored 1 year ago by Timothy Carambat Committed by GitHub 1 year ago
--- a/cloud-deployments/aws/cloudformation/cloudformation_create_anythingllm.json
+++ b/cloud-deployments/aws/cloudformation/cloudformation_create_anythingllm.json
@@ -82,7 +82,8 @@
                "\n",
                "#!/bin/bash\n",
                "# check output of userdata script with sudo tail -f /var/log/cloud-init-output.log\n",
-                "sudo yum install docker -y\n",
+                "sudo yum install docker iptables -y\n",
+                "sudo iptables -A OUTPUT -m owner ! --uid-owner root -d 169.254.169.254 -j DROP\n",
                "sudo systemctl enable docker\n",
                "sudo systemctl start docker\n",
                "mkdir -p /home/ec2-user/anythingllm\n",