https://github.com/Netflix-Skunkworks/aws-metadata-proxy
AWS Metadata Proxy for protection against SSRF
Last synced: 20 days ago
- Host: GitHub
- URL: https://github.com/Netflix-Skunkworks/aws-metadata-proxy
- Owner: Netflix-Skunkworks
- Archived: true
- Created: 2018-09-17T00:10:18.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2020-03-03T18:19:56.000Z (over 4 years ago)
- Last Synced: 2024-08-03T17:12:14.656Z (3 months ago)
- Language: Go
- Size: 1.95 KB
- Stars: 69
- Watchers: 115
- Forks: 19
- Open Issues: 2
Metadata Files:
- Readme: README.md
README
# AWS Metadata Proxy
Example AWS Metadata proxy to protect against attack vectors targeting AWS credentials
## Getting Started
Clone the repo
```
git clone https://github.com/Netflix-Skunkworks/aws-metadata-proxy.git
cd aws-metadata-proxy
```
Build the proxy
```golang
go get
go build
```
## Network Setup
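Create an `iptables` rule that prevents every user from talking directly to the AWS Metadata Service **except** one particular user, `proxy_user` in the example below. Traffic from all other users to 169.254.169.254 on port 80 is redirected to 127.0.0.1:9090, where the proxy listens. `proxy_user` is the user you run the proxy as on your server.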
```
/sbin/iptables -t nat -A OUTPUT -m owner ! --uid-owner proxy_user -d 169.254.169.254 -p tcp -m tcp --dport 80 -j DNAT --to-destination 127.0.0.1:9090
```
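The proxy side of the rule above, as an added example (not the project's own code): a Go reverse proxy on 127.0.0.1:9090 that forwards a request to the metadata service only when it passes a policy check, and answers 403 otherwise. The User-Agent allowlist policy and the names `allowedAgentPrefixes`, `allowed` and `newMetadataProxy` are assumptions made for illustration.

```go
package main

import (
	"log"
	"net/http"
	"net/http/httputil"
	"net/url"
	"strings"
)

// Assumed policy (not taken from the project): only clients whose User-Agent
// looks like an AWS SDK or the AWS CLI may reach the metadata service.
var allowedAgentPrefixes = []string{"aws-sdk-", "aws-cli/", "Boto3/", "Botocore/"}

// allowed reports whether a request passes the assumed User-Agent policy.
func allowed(r *http.Request) bool {
	for _, p := range allowedAgentPrefixes {
		if strings.HasPrefix(r.UserAgent(), p) {
			return true
		}
	}
	return false
}

// newMetadataProxy returns a handler that forwards permitted requests to
// target and rejects everything else with 403, logging what it blocked.
func newMetadataProxy(target *url.URL) http.Handler {
	rp := httputil.NewSingleHostReverseProxy(target)
	director := rp.Director
	rp.Director = func(req *http.Request) {
		director(req)
		req.Host = target.Host
		req.Header["X-Forwarded-For"] = nil // nil entry: ReverseProxy adds no such header
	}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !allowed(r) {
			log.Printf("blocked metadata request: path=%q ua=%q", r.URL.Path, r.UserAgent())
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		rp.ServeHTTP(w, r)
	})
}

func main() {
	imds := &url.URL{Scheme: "http", Host: "169.254.169.254"}
	// Listen where the DNAT rule redirects traffic; run this as proxy_user.
	log.Fatal(http.ListenAndServe("127.0.0.1:9090", newMetadataProxy(imds)))
}
```

A header check of this kind only filters callers that cannot choose their own request headers. The `iptables` rule is what ensures every process other than `proxy_user` reaches the check at all.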