AWS CloudFormation Template (CFT) Improvements
IMDSv2 support
MarkLogic 11.1.0 adds support for version 2 of the EC2 Instance Metadata Service (IMDSv2). This is the latest and most secure option for managing and accessing EC2 instance metadata and is now the default when launching MarkLogic from version 11.1.0 of the CloudFormation Templates. The MarkLogic AMIs still default to IMDSv2 for backward compatibility but the IMDSv2 option is set to "required" by default in the 11.1.0 and later CFTs.
In order to use MarkLogic Server AMIs before 11.1.0 with the new templates, the templates will need to be modified to set IMDSv2 to "optional" as IMDSv2 is not supported in earlier versions of the MarkLogic AMI. See the AWS Security Blog for more details about IMDSv2.
Launch templates
Starting with MarkLogic 11.1.0, the MarkLogic CloudFormation Templates replace the use of Launch Configurations with Launch Templates. This ensures that MarkLogic CFT users can make use of all of new EC2 features now available in AWS Launch Templates. See the AWS Compute Blog for more details about the introduction of AWS Launch Templates.
Notice
The use of Launch Templates in the CFTs requires that new privileges be added to the the IAM role used to launch the CloudFormation stacks. Add the following privileges to the IAM role used to launch MarkLogic clusters via the CFTs:
"ec2:CreateLaunchTemplate"
"ec2:DescribeLaunchTemplates"
"ec2:DeleteLaunchTemplate"
"ec2:ModifyLaunchTemplate"
"Resource": "arn:aws:ec2:::launch-template/*"
See Creating an IAM Role in Getting Started with MarkLogic Server on AWS for the complete list of additional privileges required.