Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

I noticed in my `/var/log/orbit/orbit.stderr.log` logs I'm getting this:
```E0514 15:25:16.924619 56982208 aws_util.cpp:429] Exception making HTTP GET request to URL (<http://169.254.169.254/latest/meta-data/placement/availability-zone>): Failed to connect to 169.254.169.254:80: Operation timed out
E0514 15:25:16.933457 56982208 aws_util.cpp:429] Exception making HTTP GET request to URL (<http://169.254.169.254/latest/meta-data/placement/availability-zone>): Failed to connect to 169.254.169.254:80: Host is down```
From what I can find, this is a command that would be run inside an EC2 instance but this is from osqueryd on my laptop.  Everything seems to be working fine with my host and my server, just wanted to point it out.

This is the log right before the error logs:
```2024-05-14T15:25:00-04:00 INF start osqueryd cmd="/opt/orbit/bin/osqueryd/macos-app/stable/osquery.app/Contents/MacOS/osqueryd --pidfile=/opt/orbit/osquery.pid --extensions_socket=/opt/orbit/orbit-osquery.em --logger_path=/opt/orbit/osquery_log --enroll_secret_env ENROLL_SECRET --tls_hostname=&lt;my_domain&gt; --enroll_tls_endpoint=/api/v1/osquery/enroll --config_plugin=tls --config_tls_endpoint=/api/v1/osquery/config --config_refresh=60 --disable_distributed=false --distributed_plugin=tls --distributed_tls_max_attempts=10 --distributed_tls_read_endpoint=/api/v1/osquery/distributed/read --distributed_tls_write_endpoint=/api/v1/osquery/distributed/write --logger_plugin=tls,filesystem --logger_tls_endpoint=/api/v1/osquery/log --disable_carver=false --carver_disable_function=false --carver_start_endpoint=/api/v1/osquery/carve/begin --carver_continue_endpoint=/api/v1/osquery/carve/block --carver_block_size=8000000 --tls_server_certs /opt/orbit/certs.pem --augeas_lenses /opt/orbit/lenses --force --flagfile /opt/orbit/osquery.flags --host-identifier uuid --database_path /opt/orbit/osquery.db"```

And I'm running the server on AWS ECS Fargate.

It's probably from trying to query one of the `ec2_*` tables. I believe they make API calls on the backend.

maybe setting this to true in your agent config would help?
```--aws_disable_imdsv1_fallback=true```

from: <https://osquery.readthedocs.io/en/stable/installation/cli-flags/#configuration-control-flags>