get-aws-token does not support AWS IMDSv2 #51

Closed
niooss-ledger opened this issue Sep 15, 2023 · 3 comments

@niooss-ledger

Hello,
While testing peirates v1.1.13 on an AWS account which enforces using IMDSv2 (Instance Metadata Service version 2), get-aws-token fails:

Peirates:># get-aws-token
[-] Error - problem with JSON unmarshal
IAM Credentials for user  are: 

aws_access_key_id = 
aws_secret_access_key = 
aws_session_token = 
Press enter to continue

Moreover, the AWS autodiscovery failed:

Checking AWS...
[-] DoHTTPRequestAndGetBody got a 401 Unauthorized status instead of a successful 2XX status. Failing and printing response: 

[-] GetRequest could not perform request to http://169.254.169.254/latest/ : DoHTTPRequestAndGetBody failed with status 401 Unauthorized

According to https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-retrieval.html, this is because requesting http://169.254.169.254/latest/meta-data/ requires a token (in HTTP header X-aws-ec2-metadata-token:), which needs to be first requested with an HTTP PUT request to http://169.254.169.254/latest/api/token. Moreover, I confirm that doing these requests with curl works fine in my environment.

Is there any plan to add support of AWS IMDSv2 to peirates?
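The two-step exchange described in the report above, as an added Go example that is not code from peirates or from anyone in this thread: a PUT for a session token, then a GET that carries it, run against a local stand-in that rejects token-less requests with 401. The names `call`, `fetchMetadata` and `mockIMDS`, the token value and the 60-second TTL are assumptions made for the illustration; the `X-aws-ec2-metadata-token-ttl-seconds` header is the one the AWS documentation requires on the token request.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

const tokenHeader, ttlHeader = "X-aws-ec2-metadata-token", "X-aws-ec2-metadata-token-ttl-seconds"

// call sends one request carrying a single header; status 0 means it never completed.
func call(method, url, hdr, val string) (status int, body string) {
	if req, err := http.NewRequest(method, url, nil); err == nil {
		req.Header.Set(hdr, val)
		if resp, err := http.DefaultClient.Do(req); err == nil {
			defer resp.Body.Close()
			b, _ := io.ReadAll(resp.Body)
			status, body = resp.StatusCode, string(b)
		}
	}
	return
}

// fetchMetadata performs the IMDSv2 exchange: PUT for a session token, then GET with it.
func fetchMetadata(base, path string) (string, error) {
	status, token := call(http.MethodPut, base+"/latest/api/token", ttlHeader, "60")
	if status != http.StatusOK {
		return "", fmt.Errorf("token request failed (status %d)", status)
	}
	if status, body := call(http.MethodGet, base+path, tokenHeader, token); status == http.StatusOK {
		return body, nil
	}
	return "", fmt.Errorf("metadata request with token was rejected")
}

// mockIMDS is a constructed stand-in for an endpoint that enforces IMDSv2.
var mockIMDS = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	if r.Method == http.MethodPut && r.Header.Get(ttlHeader) != "" {
		fmt.Fprint(w, "constructed-token")
	} else if r.Method == http.MethodGet && r.Header.Get(tokenHeader) == "constructed-token" {
		fmt.Fprint(w, "ami-id\nhostname\n")
	} else {
		w.WriteHeader(http.StatusUnauthorized)
	}
})

func main() {
	fmt.Println(fetchMetadata(httptest.NewServer(mockIMDS).URL, "/latest/meta-data/"))
}
```

On a real instance the base URL would be http://169.254.169.254 and the client should have a short timeout, which this sketch leaves at the default.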

@rileydakota
Contributor

I PRed similar functionality to kubeletmein a while back (4ARMED/kubeletmein#16), would be happy to submit a PR here as well if the maintainers are open to it

@JayBeale
Member

JayBeale commented Nov 19, 2023

Yes please @rileydakota - we would appreciate the PR!

Thank you for raising this issue @niooss-ledger !

@JayBeale
Member

JayBeale commented May 6, 2024

Added in IMDSv2 support for both detection and pulling the token. Thanks @rileydakota !

@JayBeale JayBeale closed this as completed May 6, 2024