enum HttpTokens
| Language | Type name |
|---|---|
 .NET | Amazon.CDK.AWS.EC2.HttpTokens |
 Go | github.com/aws/aws-cdk-go/awscdk/v2/awsec2#HttpTokens |
 Java | software.amazon.awscdk.services.ec2.HttpTokens |
 Python | aws_cdk.aws_ec2.HttpTokens |
 TypeScript (source) | aws-cdk-lib » aws_ec2 » HttpTokens |
The state of token usage for your instance metadata requests.
Example
declare const vpc: ec2.Vpc;
declare const instanceType: ec2.InstanceType;
declare const machineImage: ec2.IMachineImage;
// Example 1: Enforce IMDSv2 with comprehensive options
new ec2.Instance(this, 'Instance', {
vpc,
instanceType,
machineImage,
httpEndpoint: true,
httpProtocolIpv6: false,
httpPutResponseHopLimit: 2,
httpTokens: ec2.HttpTokens.REQUIRED,
instanceMetadataTags: true,
});
// Example 2: Enforce IMDSv2 with minimal configuration
new ec2.Instance(this, 'SecureInstance', {
vpc,
instanceType,
machineImage,
httpTokens: ec2.HttpTokens.REQUIRED,
});
Members
| Name | Description |
|---|---|
| OPTIONAL | If the state is optional, you can choose to retrieve instance metadata with or without a signed token header on your request. |
| REQUIRED | If the state is required, you must send a signed token header with any instance metadata retrieval requests. |
OPTIONAL
If the state is optional, you can choose to retrieve instance metadata with or without a signed token header on your request.
REQUIRED
If the state is required, you must send a signed token header with any instance metadata retrieval requests.
In this state, retrieving the IAM role credentials always returns the version 2.0 credentials; the version 1.0 credentials are not available.