EC2からdockerにIAMロールを引き継ぐ方法


  1. まずはIAMロールに、"ec2:ModifyInstanceMetadataOptions" の許可を追加する（下記ポリシーは Condition で Role=MyAppRole タグが付いたインスタンスだけに絞っている。自インスタンス以外のメタデータ設定を変更できないよう、この絞り込みは外さないこと）
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "ec2:ModifyInstanceMetadataOptions",
            "Resource": "arn:aws:ec2:*:000000000000:instance/*",
            "Condition": {
                "StringEquals": {
                    "aws:ResourceTag/Role": "MyAppRole"
                }
            }
        }
    ]
}
  2. modify-instance-metadata-optionsを実行して、ホップ制限を2に増やす（Dockerのブリッジネットワークを経由するとIMDSへの往復が1ホップ増えるため、ホップ制限1のままではコンテナ内でIMDSv2トークンを取得できない）。注意: ホップ制限を上げると、このホスト上で動く「すべての」コンテナがインスタンスロールの認証情報を読めるようになるので、信頼できるイメージだけを動かし、ロールの権限は最小限にしておくこと。
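#!/bin/bash
# Hand the EC2 instance's IAM role over to a Docker container.
#
# Steps: obtain an IMDSv2 session token, look up this instance's ID, raise the
# IMDS PUT-response hop limit to 2 so that a process behind Docker's bridge
# network (one extra IP hop) can complete the IMDSv2 token handshake, then
# start the application container. The container picks up the role credentials
# through IMDS; nothing is passed in explicitly.
#
# Requirements: curl, the aws CLI and docker on the host; the instance role
# must allow ec2:ModifyInstanceMetadataOptions on this instance (see the
# policy in step 1) -- the aws call below is authorised by the role itself.
#
# Security notes:
#   * With a hop limit of 2, EVERY container on this host can read the
#     instance role's credentials from IMDS, not only the one started below.
#     Keep the role's permissions minimal and run only trusted images here.
#   * This script already speaks IMDSv2 (token-based). Adding
#     `--http-tokens required` to the modify call would also disable IMDSv1
#     for the whole instance; it is left out here only because it breaks
#     any in-container SDK that still relies on IMDSv1 -- enable it if the
#     application's SDK supports IMDSv2.
set -euo pipefail
cd "$(dirname "$0")"

readonly IMDS='http://169.254.169.254'

# Fetch a short-lived (120 s) IMDSv2 token. IMDS can be unreachable for a few
# seconds after boot, so retry with a linear back-off. `curl -f` turns HTTP
# error responses into empty output so an error body is never mistaken for a
# token; `|| true` keeps a failed attempt from aborting the script under -e.
token=
for attempt in {1..10}; do
  token=$(curl -sf -X PUT "${IMDS}/latest/api/token" \
    -H "X-aws-ec2-metadata-token-ttl-seconds: 120" || true)
  if [[ -n "$token" ]]; then
    break
  fi
  sleep "$attempt"
done
if [[ -z "$token" ]]; then
  printf 'error: could not obtain an IMDSv2 token from %s\n' "$IMDS" >&2
  exit 1
fi

# Resolve our own instance ID; fail loudly rather than calling the API with
# an empty --instance-id.
instance_id=$(curl -sf -H "X-aws-ec2-metadata-token: $token" \
  "${IMDS}/latest/meta-data/instance-id" || true)
if [[ -z "$instance_id" ]]; then
  printf 'error: could not read instance-id from IMDS\n' >&2
  exit 1
fi

# Allow one extra network hop for IMDS PUT responses (Docker bridge) and make
# sure the metadata endpoint is on.
aws ec2 modify-instance-metadata-options \
  --instance-id "$instance_id" \
  --http-put-response-hop-limit 2 \
  --http-endpoint enabled

# Start the application. The app directory is mounted read-only; port 80 is
# published on all host interfaces.
docker run --gpus all -it --rm \
  --volume /home/ubuntu/app:/work:ro \
  --workdir /work \
  -p 80:80 \
  my-container-name \
  python3 /usr/local/bin/waitress-serve --port=80 app:app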