0
votes

I've got multiple EC2 instances running in a private subnet (only traffic within the VPC is allowed). Some of those instances run a custom OS, some run the AWS Windows Server 2012 AMI, and some run the AWS Windows Server 2019 AMI.

On all machines except the Windows Server 2019 ones, I can retrieve the metadata of the instance by calling "http://169.254.169.254/latest/meta-data". On Windows Server 2019 it fails. The firewall is down, the route table is the same for all machines, and mostly the only difference between them is that the working instances run EC2Config while the Windows Server 2019 instances run EC2Launch (of course, the OSes are different too).

Any idea what can cause this behavior?

Thanks!!

1
I've heard of this before, but it was always related to the Windows Firewall. - John Rotenstein
What is the exact behavior? "it fails" means connection timeout? You may want to check if IMDSv2 is enabled (this would cause it to return 401 Unauthorized if a token is not passed). - stefansundin
It's not 401 - it's "Unable to connect to the remote server". - drizzt13
And I tried IMDSv2 - same result as above. - drizzt13

1 Answer

0
votes

Well, I'm not sure why it happened only on some of my instances, but on this forum I've found this script - and running it solved my issue.

In order to be able to run this file every time (also on instances where the metadata link works), I've added this code at the start of the script, which stops the script in case the metadata link works:

# Probe the metadata endpoint. GetResponse() throws a WebException when the
# connection fails ("Unable to connect to the remote server"), so without a
# try/catch the script would abort here instead of continuing to the repair
# steps below. A short timeout avoids the 100 s .NET default on a dead link.
$httpReq = [System.Net.WebRequest]::Create('http://169.254.169.254/latest/meta-data')
$httpReq.Timeout = 5000          # milliseconds
$httpRes = $null
$reachable = $false

try {
    $httpRes = $httpReq.GetResponse()
    $reachable = ([int]$httpRes.StatusCode -eq 200)
} catch [System.Net.WebException] {
    # A Response object inside the exception means the endpoint answered with an
    # HTTP error (e.g. 401 when IMDSv2 is enforced and no token was sent), so the
    # link itself works. No Response at all means the connection failed.
    $reachable = ($_.Exception.Response -ne $null)
} finally {
    if ($httpRes -ne $null) { $httpRes.Close() }
}

if ($reachable) {
    Write-Host "No need for script - exiting"
    exit
}
# rest of the script goes here

Thought I'd post my solution here so that if anyone has had my problem, it will help them.

Thanks all for the help.
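As an added diagnostic (my own example, not the answerer's script nor anything from the forum script it refers to), the following PowerShell probes the metadata service the way the comment thread suggests: IMDSv2 first (token via a PUT to /latest/api/token, then the request with the token header), then IMDSv1, each with a short timeout so a dead link fails fast instead of hanging. If both fail it reports the two local settings the thread discusses, the Windows Firewall profile state and whether a host route for 169.254.169.254/32 exists. The route check is my assumption about what differs between a working and a broken instance; the page does not say what the repair script changes. The instance-id path and the X-aws-ec2-metadata-token headers are the documented IMDS ones.

```powershell
# Added example; not part of the question or answer. Run on the affected instance.
$Imds = 'http://169.254.169.254'

function Test-ImdsV2 {
    # IMDSv2: session token first, then the metadata request carrying it.
    try {
        $token = Invoke-RestMethod -Uri "$Imds/latest/api/token" -Method PUT `
            -Headers @{ 'X-aws-ec2-metadata-token-ttl-seconds' = '60' } -TimeoutSec 5
        $id = Invoke-RestMethod -Uri "$Imds/latest/meta-data/instance-id" `
            -Headers @{ 'X-aws-ec2-metadata-token' = $token } -TimeoutSec 5
        return "IMDSv2 OK: instance-id $id"
    } catch {
        # A 401 here means the endpoint is reachable but rejected the request;
        # "Unable to connect" means the packet never got an answer.
        return "IMDSv2 failed: $($_.Exception.Message)"
    }
}

function Test-ImdsV1 {
    # IMDSv1: plain GET, no token. Returns 401 when IMDSv2 is enforced.
    try {
        $id = Invoke-RestMethod -Uri "$Imds/latest/meta-data/instance-id" -TimeoutSec 5
        return "IMDSv1 OK: instance-id $id"
    } catch {
        return "IMDSv1 failed: $($_.Exception.Message)"
    }
}

function Get-ImdsLocalDiagnostics {
    # Assumption (not stated on the page): a host route for 169.254.169.254/32 is
    # what lets the request leave on the primary NIC; with no such route and no
    # default route in a private subnet the connection attempt has nowhere to go.
    $route = Get-NetRoute -DestinationPrefix '169.254.169.254/32' -ErrorAction SilentlyContinue
    if ($route) {
        "Route present: 169.254.169.254/32 -> ifIndex $($route.InterfaceIndex) via $($route.NextHop)"
    } else {
        "No host route for 169.254.169.254/32 found"
    }
    # The first comment on the question suspects the Windows Firewall, so show
    # each profile's state explicitly rather than assuming it is off.
    Get-NetFirewallProfile | ForEach-Object { "Firewall profile $($_.Name): Enabled=$($_.Enabled)" }
}

$v2 = Test-ImdsV2
$v1 = Test-ImdsV1
$v2
$v1
if ($v2 -like 'IMDSv2 failed*' -and $v1 -like 'IMDSv1 failed*') {
    Get-ImdsLocalDiagnostics
}
```

Reading the output: "IMDSv1 failed" with a 401 message but "IMDSv2 OK" means the instance simply requires IMDSv2, which is the case the second comment describes; both probes failing with "Unable to connect" matches the symptom in the question and points at the local route or firewall rather than at the metadata service itself.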