|« PreviousNext »|
|Did this page help you? Yes | No | Tell us about it...|
Amazon EC2 instances can access instance-specific metadata, as well as data supplied when launching the instances, using a specific URI.
You can use this data to build more generic AMIs that can be modified by configuration files supplied at launch time. For example, if you run web servers for various small businesses, they can all use the same AMI and retrieve their content from the Amazon S3 bucket you specify at launch. To add a new customer at any time, simply create a bucket for the customer, add their content, and launch your AMI.
Metadata is divided into categories. For more information about the categories, see Metadata Categories.
Retrieve instance metadata from within a running instance using the following: GET
Although you can only access instance metadata for an instance from the instance itself, the data is not protected by cryptographic methods. Therefore, you should take suitable precautions to protect sensitive data (such as long lived encryption keys).
You are not billed for HTTP requests used to retrieve metadata and user-supplied data.
Requests for a specific metadata resource returns the appropriate value, or a
404 HTTP error code if the resource is not available. All
metadata is returned as text (content type
Requests for a general metadata resource (the URI ends with a
/) return a list of available resources, or a
404 HTTP error code if there is no such resource. The
list items are on separate lines terminated by line feeds (ASCII 10).
The following examples list HTTP GET requests and responses on Linux instances.
On Windows instances, you can install a tool such as cURL or GNU Wget to request instance metadata.
This example gets the available versions of the instance metadata. These versions do not necessarily correlate with an Amazon EC2 API version.
GET http://169.254.169.254/1.0 2007-01-19 2007-03-01 2007-08-29 2007-10-10 2007-12-15 2008-02-01 2008-09-01 2009-04-04 2011-01-01 ... latest
This example gets the top-level metadata items. Some of these items are available only for instances in a VPC. For more information about each of these items, see Metadata Categories.
GET http://169.254.169.254/latest/meta-data/amiid ami-launch-index ami-manifest-path block-device-mapping/ hostname instance-action instance-id instance-type kernel-id local-hostname local-ipv4 ipv4-associations mac network/ placement/ public-hostname public-ipv4 public-keys/ reservation-id security-groups
This example gets the value of some of the metadata items from the preceding example.
This example gets the list of available public keys.
This example shows the formats in which public key 0 is available.
This example gets public key 0 (in the OpenSSH key format).
GET http://169.254.169.254/latest/meta-data/public-keys/0/openssh-keyssh-rsa AAAA.....wZEf my-public-key
This example gets the product code (s) associated with the AMI. Product codes are returned one per line.
GET http://169.254.169.254/latest/meta-data/product-codes774F4FF8 ...
This example gets an instance's Media Access Control (MAC) address.
This example shows the network information available for an Amazon EC2-Classic/NAT instance.
GET http://169.254.169.254/latest/meta-data/network/interfaces/macs/02:29:96:8f:6a:2d/local-hostname local-ipv4s mac public-ipv4s security-group-ids subnet-id subnet-ipv4-cidr-block vpc-id vpc-ipv4-cidr-block
This example gets the subnet ID for an Amazon EC2 instance launched into a VPC.
This example shows the network information available for an Amazon EC2-Classic instance (one not running in an Amazon EC2-VPC).
GET http://169.254.169.254/latest/meta-data/network/interfaces/macs/03:15:28:7g:5b:8a/local-hostname local-ipv4s mac public-ipv4s public-hostname
When you launch an instance, you can specify user data,
which is available for all instances in the reservation to retrieve. You can
also add (or modify) user data to Amazon EBS-backed instances when they're
stopped. Requests for the user data returns the data as-is (content type
application/x-octetstream). Many people use user data to configure an instance during launch or even run a configuration script.
All user-supplied data is treated as opaque data; what you give us is what you get back. It is the responsibility of the instance to interpret this data appropriately.
This shows an example of returning comma-separated, user-supplied data.
GET http://169.254.169.254/latest/user-data1234,fred,reboot,true | 4512,jimbo, | 173,,,
This shows an example of returning line-separated, user-supplied data.
GET http://169.254.169.254/latest/user-data[general] instances: 4 [instance-0] s3-bucket: <user_name> [instance-1] reboot-on-error: yes
You can modify the user data for an Amazon EBS-backed instance while the instance is stopped. For more information, see Modifying Attributes of a Stopped Instance.
In this example, Alice wants to launch four instances of her favorite database AMI with the first acting as master and the remainder acting as replicas.
The master database configuration specifies various database parameters (e.g.,
the size of store) while the replicas' configuration specifies different parameters,
such as the replication strategy. Alice decides to provide this data as an ASCII
string with a pipe symbol (
|) delimiting the data for the various
store-size=123PB backup-every=5min | replicate-every=1min | replicate-every=2min | replicate-every=10min | replicate-every=20min
store-size=123PB backup-every=5min defines the master
replicate-every=1min defines the first
replicate-every=2min defines the
second replicant's configuration, and so on.
Alice launches four instances.
ec2-run-instances ami-2bb65342 -n 4 -d "store-size=123PB backup-every=5min | replicate-every=1min | replicate-every=2min | replicate-every=10min | replicate-every=20min"RESERVATION r-fea54097 598916040194 default INSTANCE i-3ea74257 ami-2bb65342 pending 0 m1.small 2010-03-19T13:59:03+0000 us-east-1a aki-94c527fd ari-96c527ff monitoring-disabled ebs INSTANCE i-31a74258 ami-2bb65342 pending 0 m1.small 2010-03-19T13:59:03+0000 us-east-1a aki-94c527fd ari-96c527ff monitoring-disabled ebs INSTANCE i-31a74259 ami-2bb65342 pending 0 m1.small 2010-03-19T13:59:03+0000 us-east-1a aki-94c527fd ari-96c527ff monitoring-disabled ebs INSTANCE i-31a7425a ami-2bb65342 pending 0 m1.small 2010-03-19T13:59:03+0000 us-east-1a aki-94c527fd ari-96c527ff monitoring-disabled ebs
After they're launched, all instances have a copy of the user data and the common metadata shown here (where ami_id represents the latest version of an AMI):
AMI id: ami-id
Reservation ID: r-fea54097
Public keys: none
Security group names: default
Instance type: m1.small
However, each instance has certain unique metadata.
Therefore, an instance can determine its portion of the user-supplied data through the following process.
Metadata Discovery Process
Determine the index in the launch group.
GET http://169.254.169.254/latest/meta-data/ami-launch-index 1
Retrieve the user data.
GET http://169.254.169.254/latest/user-data/ store-size=123PB backup-every=5min | replicate-every=1min | replicate-every=2min | replicate-every=10min | replicate-every=20min
Extract the appropriate part of the user data.
The data available to instances is categorized into metadata and user-supplied data. The following table lists the categories of metadata.
||The AMI ID used to launch the instance.||1.0|
||The index of this instance in the reservation.||1.0|
||The manifest path of the AMI with which the instance was launched.||1.0|
||The AMI IDs of any instances that were rebundled to create this AMI. Will only
exist if the AMI manifest file contained an ||2007-10-10|
||Returns the ||2007-12-15|
|The virtual device that contains the root/boot file system.||2007-12-15|
||The virtual devices associated with Amazon EBS volumes, if any are
present. Only available in metadata if it is present at launch time.
indicates the index of the Amazon EBS volume (such as
||The virtual devices associated with ephemeral devices, if any are present. The N indicates the index of the ephemeral volume.||2007-12-15|
||The virtual devices or partitions associated with the root devices or
partitions on the ||2007-12-15|
||The virtual devices associated with ||2007-12-15|
||Returns information about the last time the instance profile was updated, including the instance's LastUpdated date, InstanceProfileArn, and InstanceProfileId.||2012-06-01|
||Notifies the instance that it should reboot in preparation for bundling. Valid values:
||The ID of this instance.||1.0|
||The type of instance. For more information, see Instance Families and Types.||2007-08-29|
||The ID of the kernel launched with this instance, if applicable.||2008-02-01|
||The local hostname of the instance. In cases where multiple network interfaces are present, this refers to the eth0 device (the device for which device-number is 0).||2007-01-19|
||The private IP address of the instance. In cases where multiple network interfaces are present, this refers to the eth0 device (the device for which device-number is 0).||1.0|
||The instance's MAC address. In cases where multiple network interfaces are present, this refers to the eth0 device (the device for which device-number is 0).||2011-01-01|
||The device-number associated with that interface. Each interface must have a unique device number. The device-number serves as a hint to device naming in the instance; for example, device-number is 2 for the eth2 device.||2011-01-01|
||The private IPv4 address(es) that are associated with each
||The interface's local hostname.||2011-01-01|
||The private IP addresses associated with the interface.||2011-01-01|
||The instance's Media Access Control
|The ID of the owner of the network interface. In multiple-interface environments, an interface can be attached by a third party, such as Elastic Load Balancing. Traffic on an interface is always billed to the interface owner.||2011-01-01|
||The interface's profile.||2007-12-15|
||The interface's public hostname.||2011-01-01|
||The elastic IP addresses associated with the interface. There may be multiple IP addresses on an instance.||2011-01-01|
|Security groups to which the network interface belongs.||2011-01-01|
||IDs of the security groups to which the network interface belongs. Returned only for Amazon EC2 instances launched into a VPC. For more information on security groups in EC2-VPC, see Security Groups for Your VPC.||2011-01-01|
||The ID of the Amazon EC2-VPC subnet in which the interface resides. Returned only for Amazon EC2 instances launched into a VPC.||2011-01-01|
||The CIDR block of the Amazon EC2-VPC subnet in which the interface resides. Returned only for Amazon EC2 instances launched into a VPC.||2011-01-01|
||The ID of the Amazon EC2-VPC in which the interface resides. Returned only for Amazon EC2 instances launched into a VPC.||2011-01-01|
||The Availability Zone in which the instance launched.||2008-02-01|
||Product codes associated with the instance, if any.||2007-03-01|
||The public hostname of the instance. Not returned for Amazon EC2 instances launched into a VPC. See Elastic IP Addresses (EIP) for more information.||2007-01-19|
||The public IP address. If an elastic IP address is associated with the instance, the value returned is the elastic IP address.||2007-01-19|
||Public key. Only available if supplied at instance launch time.||1.0|
||The ID of the RAM disk specified at launch time, if applicable.||2007-10-10|
||ID of the reservation.||1.0|
The names of the security groups applied to the instance.
Only Amazon EC2 instances launched into a VPC can have their security groups changed after launch. These changes
will be reflected here and in network/interfaces/macs/
You can provide user data when you launch an instance, or when the instance is in a stopped state (for EBS-backed instances). User-supplied data is treated as opaque data: what you give us is what you get back.
All instances launched together get the same user-supplied data. You can use the AMI launch index as an index into the data.
User data is limited to 16 KB. This limit applies to the data in raw form, not base64-encoded form.
The user data must be base64-encoded before being submitted to the API. The API command line tools perform the base64 encoding for you. The data is in base64 and is decoded before being presented to the instance.
For more information about base64 encodings, see
Amazon EC2 instances can also include dynamic data. Dynamic data is retrieved from
||Value showing whether the customer has enabled detailed 1-minute
monitoring in CloudWatch. Valid values: ||2009-04-04|
|JSON containing instance attributes, such as instance-id, private IP address, etc..||2009-04-04|
|Used to verify the document's authenticity and content against the signature.||2009-04-04|
|Data that can be used by other parties to verify its origin and authenticity.||2009-04-04|