From 6729f2219371450645dec53ca68597a171d17f10 Mon Sep 17 00:00:00 2001
From: Hexeong <123macanic@naver.com>
Date: Wed, 17 Jun 2026 22:16:54 +0900
Subject: [PATCH 1/2] =?UTF-8?q?feat:=20Promethus=20target=EC=9D=84=20publi?=
 =?UTF-8?q?c=20=EC=97=94=EB=93=9C=ED=8F=AC=EC=9D=B8=ED=8A=B8=EA=B0=80=20?=
 =?UTF-8?q?=EC=95=84=EB=8B=8C=20private=20IP=EB=A1=9C=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .github/workflows/dev-cd.yml  | 8 ++++++--
 .github/workflows/prod-cd.yml | 8 ++++++--
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/dev-cd.yml b/.github/workflows/dev-cd.yml
index 7942d0fd0..07220adfb 100644
--- a/.github/workflows/dev-cd.yml
+++ b/.github/workflows/dev-cd.yml
@@ -194,8 +194,12 @@ jobs:
 
           if [ "$UPSTREAM_PORT" = "8080" ]; then NEW_MGMT_PORT=8081; else NEW_MGMT_PORT=9081; fi
 
+          PRIVATE_IP=$(ssh -i deploy_key.pem -o StrictHostKeyChecking=no \
+            "${{ secrets.DEV_USERNAME }}@${{ secrets.DEV_HOST }}" \
+            "curl -sf http://169.254.169.254/latest/meta-data/local-ipv4")
+
           ssh -i monitoring_key.pem -o StrictHostKeyChecking=no \
             "${{ secrets.MONITORING_USERNAME }}@${{ secrets.MONITORING_HOST }}" \
-            "echo '[{\"targets\":[\"${{ secrets.DEV_HOST }}:${NEW_MGMT_PORT}\"]}]' \
+            "echo '[{\"targets\":[\"${PRIVATE_IP}:${NEW_MGMT_PORT}\"]}]' \
               | tee ~/solid-connection-monitor/prometheus/targets/stage.json > /dev/null \
-            && echo 'Prometheus target updated: ${{ secrets.DEV_HOST }}:${NEW_MGMT_PORT}'"
+            && echo 'Prometheus target updated: ${PRIVATE_IP}:${NEW_MGMT_PORT}'"
diff --git a/.github/workflows/prod-cd.yml b/.github/workflows/prod-cd.yml
index 03025ab5f..cdd358543 100644
--- a/.github/workflows/prod-cd.yml
+++ b/.github/workflows/prod-cd.yml
@@ -205,8 +205,12 @@ jobs:
 
           if [ "$UPSTREAM_PORT" = "8080" ]; then NEW_MGMT_PORT=8081; else NEW_MGMT_PORT=9081; fi
 
+          PRIVATE_IP=$(ssh -i deploy_key.pem -o StrictHostKeyChecking=no \
+            "${{ secrets.USERNAME }}@${{ secrets.HOST }}" \
+            "curl -sf http://169.254.169.254/latest/meta-data/local-ipv4")
+
           ssh -i monitoring_key.pem -o StrictHostKeyChecking=no \
             "${{ secrets.MONITORING_USERNAME }}@${{ secrets.MONITORING_HOST }}" \
-            "echo '[{\"targets\":[\"${{ secrets.HOST }}:${NEW_MGMT_PORT}\"]}]' \
+            "echo '[{\"targets\":[\"${PRIVATE_IP}:${NEW_MGMT_PORT}\"]}]' \
               | tee ~/solid-connection-monitor/prometheus/targets/prod.json > /dev/null \
-            && echo 'Prometheus target updated: ${{ secrets.HOST }}:${NEW_MGMT_PORT}'"
+            && echo 'Prometheus target updated: ${PRIVATE_IP}:${NEW_MGMT_PORT}'"

From 26cb49f2f1a266f34b3565846903966482558aa0 Mon Sep 17 00:00:00 2001
From: Hexeong <123macanic@naver.com>
Date: Wed, 17 Jun 2026 22:31:04 +0900
Subject: [PATCH 2/2] =?UTF-8?q?fix:=20IMDSv2=20=EB=B0=98=EC=98=81=20?=
 =?UTF-8?q?=EB=B0=8F=20PRIVATE=5FIP=20=EB=B9=88=EA=B0=92=20=EA=B2=80?=
 =?UTF-8?q?=EC=A6=9D=20=EB=B0=8F=20=EB=AA=85=EC=8B=9C=EC=A0=81=20=EC=8B=A4?=
 =?UTF-8?q?=ED=8C=A8=20=EB=A1=9C=EC=A7=81=20=EC=B6=94=EA=B0=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .github/workflows/dev-cd.yml  | 7 ++++++-
 .github/workflows/prod-cd.yml | 7 ++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/dev-cd.yml b/.github/workflows/dev-cd.yml
index 07220adfb..714edfc4d 100644
--- a/.github/workflows/dev-cd.yml
+++ b/.github/workflows/dev-cd.yml
@@ -196,7 +196,12 @@ jobs:
 
           PRIVATE_IP=$(ssh -i deploy_key.pem -o StrictHostKeyChecking=no \
             "${{ secrets.DEV_USERNAME }}@${{ secrets.DEV_HOST }}" \
-            "curl -sf http://169.254.169.254/latest/meta-data/local-ipv4")
+            "TOKEN=\$(curl -sf -X PUT 'http://169.254.169.254/latest/api/token' -H 'X-aws-ec2-metadata-token-ttl-seconds: 21600') && curl -sf -H \"X-aws-ec2-metadata-token: \$TOKEN\" http://169.254.169.254/latest/meta-data/local-ipv4")
+
+          if [ -z "$PRIVATE_IP" ]; then
+            echo "Failed to retrieve private IP" >&2
+            exit 1
+          fi
 
           ssh -i monitoring_key.pem -o StrictHostKeyChecking=no \
             "${{ secrets.MONITORING_USERNAME }}@${{ secrets.MONITORING_HOST }}" \
diff --git a/.github/workflows/prod-cd.yml b/.github/workflows/prod-cd.yml
index cdd358543..1e60d0db4 100644
--- a/.github/workflows/prod-cd.yml
+++ b/.github/workflows/prod-cd.yml
@@ -207,7 +207,12 @@ jobs:
 
           PRIVATE_IP=$(ssh -i deploy_key.pem -o StrictHostKeyChecking=no \
             "${{ secrets.USERNAME }}@${{ secrets.HOST }}" \
-            "curl -sf http://169.254.169.254/latest/meta-data/local-ipv4")
+            "TOKEN=\$(curl -sf -X PUT 'http://169.254.169.254/latest/api/token' -H 'X-aws-ec2-metadata-token-ttl-seconds: 21600') && curl -sf -H \"X-aws-ec2-metadata-token: \$TOKEN\" http://169.254.169.254/latest/meta-data/local-ipv4")
+
+          if [ -z "$PRIVATE_IP" ]; then
+            echo "Failed to retrieve private IP" >&2
+            exit 1
+          fi
 
           ssh -i monitoring_key.pem -o StrictHostKeyChecking=no \
             "${{ secrets.MONITORING_USERNAME }}@${{ secrets.MONITORING_HOST }}" \