Configure the instance metadata options - Amazon Elastic Compute Cloud

Instance metadata is data about an instance that you can use to configure or manage the instance. You can configure instance metadata options for new or existing instances as follows:

  • Require the use of IMDSv2 when requesting instance metadata

  • Specify the PUT response hop limit

  • Turn off access to instance metadata

You can also use IAM condition keys in an IAM policy or SCP as follows:

  • Allow an instance to launch only if it's configured to require the use of IMDSv2

  • Restrict the number of allowed hops

  • Turn off access to instance metadata

Note

You should proceed cautiously and conduct careful testing before making any changes. Take note of the following:

  • If you enforce the use of IMDSv2, applications or agents that use IMDSv1 for instance metadata access will break.

  • If you turn off all access to instance metadata, applications or agents that rely on instance metadata access to function will break.

  • For IMDSv2, you must use /latest/api/token when retrieving the token.
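One way to find the instances these options would affect before enforcing them, as an added example that is not AWS's own code: it reads each instance's `MetadataOptions` from a DescribeInstances response and lists those that still allow IMDSv1 or exceed a hop-limit baseline. The function names, the baseline of one hop and the sample response are assumptions made for the illustration.

```python
SAMPLE_RESPONSE = {  # constructed data, shaped like EC2 DescribeInstances output
    "Reservations": [{"Instances": [
        {"InstanceId": "i-0example0000000001", "MetadataOptions": {
            "State": "applied", "HttpEndpoint": "enabled",
            "HttpTokens": "required", "HttpPutResponseHopLimit": 1}},
        {"InstanceId": "i-0example0000000002", "MetadataOptions": {
            "State": "applied", "HttpEndpoint": "enabled",
            "HttpTokens": "optional", "HttpPutResponseHopLimit": 3}},
        {"InstanceId": "i-0example0000000003", "MetadataOptions": {
            "State": "applied", "HttpEndpoint": "disabled",
            "HttpTokens": "optional", "HttpPutResponseHopLimit": 1}},
    ]}]
}


def audit_metadata_options(response, max_hops=1):
    """Map instance ID -> findings for instances weaker than the baseline
    (IMDSv2 required, hop limit <= max_hops; max_hops is an assumed baseline)."""
    findings = {}
    for reservation in response.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            opts = inst.get("MetadataOptions") or {}
            if opts.get("HttpEndpoint") == "disabled":
                continue  # metadata access is turned off; nothing to tighten
            issues = []
            # Treat a missing value as "optional" so gaps are reported, not hidden.
            if opts.get("HttpTokens", "optional") != "required":
                issues.append("IMDSv1 allowed: HttpTokens is not 'required'")
            hops = opts.get("HttpPutResponseHopLimit")
            if hops is not None and hops > max_hops:
                issues.append(f"hop limit {hops} exceeds baseline {max_hops}")
            if opts.get("State") == "pending":
                issues.append("option change still pending")
            if issues:
                findings[inst["InstanceId"]] = issues
    return findings


def audit_region(region_name):
    """Live variant: page through DescribeInstances with boto3."""
    import boto3  # imported here so the offline sample runs without boto3
    ec2 = boto3.client("ec2", region_name=region_name)
    findings = {}
    for page in ec2.get_paginator("describe_instances").paginate():
        findings.update(audit_metadata_options(page))
    return findings


if __name__ == "__main__":
    for instance_id, issues in audit_metadata_options(SAMPLE_RESPONSE).items():
        print(instance_id, "; ".join(issues))
```

Running the file directly audits only the constructed sample; `audit_region` needs boto3 and credentials that permit `ec2:DescribeInstances`.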