ProTip/gist:e817c3dfc7de850f2a88

## gistfile1.rb
powershell_script 'firewall_metadata' do
  guard_interpreter :powershell_script
  code "New-NetFirewallRule -DisplayName 'Block AWS Metadata' -Direction 'outbound' -RemoteAddress '169.254.169.254' -RemotePort '80' -Protocol 'tcp' | Get-NetFirewallSecurityFilter | Set-NetFirewallSecurityFilter -LocalUser 'O:LSD:(D;;CC;;;SY)'"
  not_if "Get-NetFirewallRule -DisplayName 'Block AWS Metadata'"
end
	powershell_script 'firewall_metadata' do
	guard_interpreter :powershell_script
	code "New-NetFirewallRule -DisplayName 'Block AWS Metadata' -Direction 'outbound' -RemoteAddress '169.254.169.254' -RemotePort '80' -Protocol 'tcp' \| Get-NetFirewallSecurityFilter \| Set-NetFirewallSecurityFilter -LocalUser 'O:LSD:(D;;CC;;;SY)'"
	not_if "Get-NetFirewallRule -DisplayName 'Block AWS Metadata'"
	end