feat: enforce IMDSv2 by default (Phase 6.a)

action.yml

@@ -70,6 +70,17 @@ inputs:
       IAM Role Name to attach to the created EC2 instance.
       This requires additional permissions on the AWS role used to launch instances.
     required: false
+  http-tokens:
+    description: >-
+      Instance Metadata Service (IMDS) token mode. Accepted values:
+        - 'required' (default): IMDSv2-only. Any request to the IMDS
+          endpoint (169.254.169.254) must present a session token.
+          Mitigates SSRF-style credential theft.
+        - 'optional': IMDSv1 and IMDSv2 both work. Only set this if
+          a consumer workflow explicitly needs IMDSv1 compatibility.
+      Passed through to RunInstances MetadataOptions.HttpTokens.
+    required: false
+    default: 'required'
   debug:
     description: >-
       When 'true', the action emits extra diagnostic output to the

dist/index.js

@@ -87942,6 +87942,15 @@ async function startEc2Instance(label, githubRegistrationToken) {
     SecurityGroupIds: [config.input.securityGroupId],
     IamInstanceProfile: { Name: config.input.iamRoleName },
     TagSpecifications: config.tagSpecifications,
+    // IMDSv2 required by default. Mitigates SSRF-style IAM credential
+    // theft from the runner — any metadata request must present a
+    // session token. HttpPutResponseHopLimit: 1 prevents the token
+    // from reaching containerized workloads one hop deeper.
+    MetadataOptions: {
+      HttpTokens: config.input.httpTokens,
+      HttpPutResponseHopLimit: 1,
+      HttpEndpoint: 'enabled',
+    },
   };
 
   let ec2InstanceId;
@@ -88033,6 +88042,7 @@ class Config {
       label: core.getInput('label'),
       ec2InstanceId: core.getInput('ec2-instance-id'),
       iamRoleName: core.getInput('iam-role-name'),
+      httpTokens: core.getInput('http-tokens') || 'required',
       debug: core.getInput('debug') || 'false',
     };
 

src/aws.js

@@ -96,6 +96,15 @@ async function startEc2Instance(label, githubRegistrationToken) {
     SecurityGroupIds: [config.input.securityGroupId],
     IamInstanceProfile: { Name: config.input.iamRoleName },
     TagSpecifications: config.tagSpecifications,
+    // IMDSv2 required by default. Mitigates SSRF-style IAM credential
+    // theft from the runner — any metadata request must present a
+    // session token. HttpPutResponseHopLimit: 1 prevents the token
+    // from reaching containerized workloads one hop deeper.
+    MetadataOptions: {
+      HttpTokens: config.input.httpTokens,
+      HttpPutResponseHopLimit: 1,
+      HttpEndpoint: 'enabled',
+    },
   };
 
   let ec2InstanceId;

src/config.js

@@ -16,6 +16,7 @@ class Config {
       label: core.getInput('label'),
       ec2InstanceId: core.getInput('ec2-instance-id'),
       iamRoleName: core.getInput('iam-role-name'),
+      httpTokens: core.getInput('http-tokens') || 'required',
       debug: core.getInput('debug') || 'false',
     };
 

tests/config.test.js

@@ -131,6 +131,18 @@ describe('Config — mode validation', () => {
   });
 });
 
+describe('Config — http-tokens input', () => {
+  test('defaults to "required" when unset', () => {
+    const config = loadConfig(startModeInputs);
+    expect(config.input.httpTokens).toBe('required');
+  });
+
+  test('honors an "optional" override', () => {
+    const config = loadConfig({ ...startModeInputs, 'http-tokens': 'optional' });
+    expect(config.input.httpTokens).toBe('optional');
+  });
+});
+
 describe('Config — debug input', () => {
   test('defaults to "false" when unset', () => {
     const config = loadConfig(startModeInputs);