How to Block the Cloud Metadata Endpoint on Runners
The link-local metadata endpoint hands out cloud credentials, so a job that can reach it can steal the runner instance role.
Block 169.254.169.254 from job containers and enforce IMDSv2 so a malicious step or an SSRF cannot mint credentials from the runner instance profile.
Steps
- Enforce IMDSv2 (session tokens) and set the hop limit to 1.
- Drop traffic to
169.254.169.254from job containers. - Prefer OIDC over the instance role so no metadata creds are needed.
Block metadata from containers
Terminal
# Enforce IMDSv2, hop limit 1 (AWS)
aws ec2 modify-instance-metadata-options \
--instance-id "$IID" --http-tokens required --http-put-response-hop-limit 1
# Drop container traffic to the metadata IP on the host
sudo iptables -I DOCKER-USER -d 169.254.169.254 -j DROPGotchas
- A hop limit above 1 lets containerized jobs still reach the metadata service.
- harden-runner also blocks the metadata endpoint at the network layer as a second control.
Related guides
How to Give Self-Hosted Runners Least-Privilege Cloud CredentialsAttach a minimal IAM role to self-hosted GitHub Actions runners so a compromised job can only touch the exact…
How to Apply Firewall Rules to Self-Hosted RunnersRestrict inbound and outbound traffic on self-hosted GitHub Actions runners with host and cloud firewall rule…