Configure the instance metadata options - Amazon Elastic Compute Cloud

Configure the instance metadata options

Instance metadata options allow you to configure new or existing instances to do the following:

  • Require the use of IMDSv2 when requesting instance metadata

  • Specify the PUT response hop limit

  • Turn off access to instance metadata

You can also use IAM condition keys in an IAM policy or SCP to do the following:

  • Allow an instance to launch only if it's configured to require the use of IMDSv2

  • Restrict the number of allowed hops

  • Turn off access to instance metadata

Note

You should proceed cautiously and conduct careful testing before making any changes. Take note of the following:

  • If you enforce the use of IMDSv2, applications or agents that use IMDSv1 for instance metadata access will break.

  • If you turn off all access to instance metadata, applications or agents that rely on instance metadata access to function will break.

  • For IMDSv2, you must use /latest/api/token when retrieving the token.