Configure the instance metadata options

Instance metadata options allow you to configure new or existing instances to do the following:

You can also use IAM condition keys in an IAM policy or SCP to do the following:

Allow an instance to launch only if it's configured to require the use of IMDSv2
Restrict the number of allowed hops
Turn off access to instance metadata

You should proceed cautiously and conduct careful testing before making any changes. Take note of the following:

If you enforce the use of IMDSv2, applications or agents that use IMDSv1 for instance metadata access will break.
If you turn off all access to instance metadata, applications or agents that rely on instance metadata access to function will break.
For IMDSv2, you must use /latest/api/token when retrieving the token.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Supported SDKs

For new instances