Hi,

I had an issue using external-dns in my EKS cluster due to having my instances setup to enforce IMDSv2. It seems that this is the default behavior since about some time.

My error was as follows:

time="2025-05-22T08:19:51Z" level=error msg="Failed to do run once: soft error\nrecords retrieval failed: soft error\nfailed to list hosted zones: operation error Route 53: ListHostedZones, get identity: get credentials: failed to refresh cached credentials, no EC2 IMDS role found, operation error ec2imds: GetMetadata, canceled, context deadline exceeded"

After allowing IMDSv1 in my nodegroup instances everything is fine so it seems that external-dns relies in IMDSv1 to work properly. I've been looking into allowing IMDSv2 in external-dns but I wasn't able to find anything.

Do you know if this is an issue that must be addressed or am I missing something?

In case you wonder how IMDSv2 works, you have a little explanation here

Thanks