ITPLT-637 use IMDSv2

ansible.cfg

@@ -2,3 +2,4 @@
 retry_files_enabled = False
 callback_whitelist = profile_tasks
 conditional_bare_variables = True
+collections_paths = ./

bin/install-ansible

@@ -30,3 +30,6 @@ PIPENV_NOSPIN=1 PIPENV_HIDE_EMOJIS=1 pipenv sync 2>&1 | iconv -c -f utf-8 -t asc
 if [[ $1 == "--dev" ]]; then
     pipenv sync --dev
 fi
+
+echo "Installing collections from galaxy..."
+pipenv run ansible-galaxy collection install -v -r requirements.yml

requirements.yml

@@ -0,0 +1,4 @@
+---
+collections:
+  - name: amazon.aws
+    version: 3.0.0

roles/diy_backup/templates/bitbucket.diy-backup.vars.sh.j2

@@ -2,7 +2,8 @@
 
 INSTANCE_NAME={{ atl_aws_stack_name }}
 
-AWS_INFO=$(curl -Lsf http://169.254.169.254/latest/dynamic/instance-identity/document)
+IMDSv2_TOKEN=$(curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 60")
+AWS_INFO=$(curl -H "X-aws-ec2-metadata-token: $IMDSv2_TOKEN" -Lsf http://169.254.169.254/latest/dynamic/instance-identity/document)
 AWS_ACCOUNT_ID=$(echo "${AWS_INFO}" | jq -r .accountId)
 AWS_AVAILABILITY_ZONE=$(echo "${AWS_INFO}" | jq -r .availabilityZone)
 AWS_REGION=$(echo "${AWS_INFO}" | jq -r .region)