Does Domino support IMDSv2?

Version:

Domino 4.5.1+

Issue:

Does Domino support Instance Metadata Service Version 2 (IMDSv2)?

Information:

The short answer is that as of Domino v4.5.1 we do support IMDSv2.  If you are doing a new install then we support this out of the box.  If however you are doing an in place upgrade from IMDSv1 to IMDSv2 against a running Domino deployment you will need to update the Instance Metadata from:

"MetadataOptions": {
                        "State": "applied",
                        "HttpTokens": "optional",
                        "HttpEndpoint": "enabled",
                        "HttpPutResponseHopLimit": 1
                    },

to:

"MetadataOptions": {
                        "State": "applied",
                        "HttpTokens": "required",
                        "HttpEndpoint": "enabled",
                        "HttpPutResponseHopLimit": 2
                    },

If you are unable to take an outage to update the instance metadata on your launch templates and relaunch then updates can be made live on running instances with:

aws ec2 modify-instance-metadata-options --instance-id <instance-id> --http-token required --http-endpoint enabled --http-put-response-hop-limit 2

But don't forget to update your launch templates if you go this route.

Notes:

Domino Model Manager has a known issue with IMDSv2 and will not be fully supported with IMDSv2 until Domino 5.3.0; see DOM-39515 - DMM does not support IMDS v2 when using IAM roles for S3 (Domino Internal)