Windows Container on EC2 unable to connect to http://169.254.169.254/latest/meta-data
Cannot figure out why my Docker container running on Windows Server 2016 is not able to hit the AWS instance metadata endpoint for its host. On Linux I do not encounter these issues with pulling the metadata for the host of the container; however, I am a Windows noob and not sure why this isn't working. I've searched for answers, but could not find one.
Container is able to ping the internet (8.8.8.8)
PS C:\> invoke-webrequest -uri "http://169.254.169.254/latest/meta-data/iam/security-credentials/"
invoke-webrequest : Unable to connect to the remote server
At line:1 char:1
+ invoke-webrequest -uri "http://169.254.169.254/latest/meta-data/iam/s ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
Solution 1:
Even if a router should not route a link-local address, Windows can if you give it the right static routes. It's just some network rules... not RFC violations.
Solution from: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/windows_task_IAM_roles.html
# Fetch the default gateway IP of container (bridge to host)
$gateway = (Get-NetRoute | Where { $_.DestinationPrefix -eq '0.0.0.0/0' } | Sort-Object RouteMetric | Select NextHop).NextHop
# Fetch the container internal IP interface index
$ifIndex = (Get-NetAdapter -InterfaceDescription "Hyper-V Virtual Ethernet*" | Sort-Object | Select ifIndex).ifIndex
# Create a new route similar to "169.254.169.254 255.255.255.255 172.30.42.1 172.30.42.82 5256"
New-NetRoute -DestinationPrefix 169.254.169.254/32 -InterfaceIndex $ifIndex -NextHop $gateway
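
An added example (not from the answer or the AWS documentation) that makes the route setup above safe to run at every container start and then confirms the metadata endpoint actually answers. It assumes the container has the same networking cmdlets the answer uses, that the instance accepts IMDSv2 token requests, and it reads only the non-sensitive `instance-id` path so no credentials end up in logs.

```powershell
# Added example: idempotent route setup plus a reachability check for the metadata endpoint.
$imds   = '169.254.169.254'
$prefix = "$imds/32"

# Default gateway of the container (lowest-metric default route), as in the answer.
$gateway = (Get-NetRoute -DestinationPrefix '0.0.0.0/0' |
    Sort-Object RouteMetric | Select-Object -First 1).NextHop

# Interface index of the container's virtual adapter; take one if several match.
$ifIndex = (Get-NetAdapter -InterfaceDescription 'Hyper-V Virtual Ethernet*' |
    Sort-Object ifIndex | Select-Object -First 1).ifIndex

if (-not $gateway -or -not $ifIndex) {
    throw "Could not determine gateway ('$gateway') or interface index ('$ifIndex')."
}

# Add the /32 host route only when it is missing; New-NetRoute fails on a duplicate.
$existing = Get-NetRoute -DestinationPrefix $prefix -ErrorAction SilentlyContinue
if (-not $existing) {
    New-NetRoute -DestinationPrefix $prefix -InterfaceIndex $ifIndex -NextHop $gateway | Out-Null
    Write-Output "Added route $prefix via $gateway on interface $ifIndex"
} else {
    Write-Output "Route $prefix already present"
}

# Verify end to end: request an IMDSv2 session token, then read a harmless metadata path.
try {
    $token = Invoke-RestMethod -Method Put -Uri "http://$imds/latest/api/token" `
        -Headers @{ 'X-aws-ec2-metadata-token-ttl-seconds' = '60' } -TimeoutSec 5
    $instanceId = Invoke-RestMethod -Uri "http://$imds/latest/meta-data/instance-id" `
        -Headers @{ 'X-aws-ec2-metadata-token' = $token } -TimeoutSec 5
    Write-Output "Metadata endpoint reachable; host instance is $instanceId"
} catch {
    # Surface the failure so the container does not start with missing role access.
    Write-Error "Metadata endpoint not reachable through ${gateway}: $($_.Exception.Message)"
    exit 1
}
```

If the route is present but the token request times out, check the instance's metadata response hop limit, since a request from inside a container crosses an extra network hop.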