protect AWS CF deployments by automatically blocking metadata URL (#578)

cloud-deployments/aws/cloudformation/cloudformation_create_anythingllm.json

@@ -82,7 +82,8 @@
                 "\n",
                 "#!/bin/bash\n",
                 "# check output of userdata script with sudo tail -f /var/log/cloud-init-output.log\n",
-                "sudo yum install docker -y\n",
+                "sudo yum install docker iptables -y\n",
+                "sudo iptables -A OUTPUT -m owner ! --uid-owner root -d 169.254.169.254 -j DROP\n",
                 "sudo systemctl enable docker\n",
                 "sudo systemctl start docker\n",
                 "mkdir -p /home/ec2-user/anythingllm\n",