Istio 403 response code to AWS 169.254.169.254 host

rberna · April 27, 2020, 6:37pm

We are seeing a combination almost 1:1 of 200 and 403 response codes on the Kiali graph to the 169.254.169.254 host. We tried creating a ServiceEntry to the AWS host as follows:

apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: aws-metadata
spec:
hosts:

“metadata.amazon.internal”
addresses:

169.254.169.254
ports:

number: 80
name: http
protocol: HTTP
resolution: STATIC
location: MESH_EXTERNAL
endpoints:

address: 169.254.169.254

Any ideas on how to further debug this or find a resolution to the 403 response codes?

rberna · April 29, 2020, 2:31pm

Was able to get this to work with the following:

apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: aws-metadata
namespace: istio-system
spec:
hosts:

aws.metadata.internal
addresses:

169.254.169.254
ports:

number: 80
name: tcp-80
protocol: tcp

number: 443
name: tcp-443
protocol: tcp
location: MESH_EXTERNAL
resolution: STATIC
endpoints:

address: 169.254.169.254

Topic		Replies	Views
Review ServiceEntry YAML for AWS Services Networking	2	2293	May 21, 2020
ServiceEntry not working	2	1069	April 24, 2020
Kiali complains about incorrect configuration (KIA1101), but hosts exist Kiali	5	1630	May 26, 2021
Can't route to an external https service (error 35) Networking	2	3060	February 26, 2019
Istio outbound https traffic troubleshooting Networking	2	477	July 18, 2022

Istio 403 response code to AWS 169.254.169.254 host

Related topics