Routing for Metadata Service

We highly recommend you check out the ECS credential provider emulator capability instead of using the Metadata service capability. But if needed, here are the steps:

Run commands:

sudo ifconfig lo0 169.254.169.254 alias

echo "rdr pass on lo0 inet proto tcp from any to 169.254.169.254 port 80 -> 127.0.0.1 port 9091" | sudo pfctl -ef -

Alternatively to persist the settings above on a Mac, download the plists and place them in /Library/LaunchDaemons and reboot or issue the following commands:

launchctl load /Library/LaunchDaemons/com.user.weep.plist
launchctl load /Library/LaunchDaemons/com.user.lo0-loopback.plist

Create a text file at the location of your choosing with the following contents:

*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [1:216]
:POSTROUTING ACCEPT [1:216]
-A OUTPUT -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 127.0.0.1:9091
COMMIT

Enable the rules by running the following:

sudo /sbin/iptables-restore < <path_to_file>.txt

PreviousAdvanced Configuration NextShell Completion

Last updated 3 years ago

Was this helpful?