We announced the upcoming end-of-support for AWS SDK for JavaScript v2.
We recommend that you migrate to AWS SDK for JavaScript v3. For dates, additional details, and information on how to migrate, please refer to the linked announcement.

Class: AWS.EC2MetadataCredentials

AWS.Credentials show all
Defined in:



This feature is not supported in the browser environment of the SDK.

Represents credentials received from the metadata service on an EC2 instance.

By default, this class will connect to the metadata service using AWS.MetadataService and attempt to load any available credentials. If it can connect, and credentials are available, these will be used with zero configuration.

This credentials class will by default timeout after 1 second of inactivity and retry 3 times. If your requests to the EC2 metadata service are timing out, you can increase these values by configuring them directly:

AWS.config.credentials = new AWS.EC2MetadataCredentials({
  httpOptions: { timeout: 5000 }, // 5 second timeout
  maxRetries: 10, // retry 10 times
  retryDelayOptions: { base: 200 }, // see AWS.Config for information
  logger: console // see AWS.Config for information
  ec2MetadataV1Disabled: false // whether to block IMDS v1 fallback.

If your requests are timing out in connecting to the metadata service, such as when testing on a development machine, you can use the connectTimeout option, specified in milliseconds, which also defaults to 1 second.

If the requests failed or returns expired credentials, it will extend the expiration of current credential, with a warning message. For more information, please go to: https://docs.aws.amazon.com/sdkref/latest/guide/feature-static-credentials.html

Constructor Summary collapse

Property Summary collapse

Properties inherited from AWS.Credentials

expired, expireTime, accessKeyId, secretAccessKey, sessionToken, expiryWindow

Method Summary collapse

Methods inherited from AWS.Credentials

needsRefresh, get, getPromise, refreshPromise

Constructor Details

new AWS.EC2MetadataCredentials(options) ⇒ void

Property Details

originalExpirationObject (static, readwrite)

The original expiration of the current credential. In case of AWS outage, the EC2 metadata will extend expiration of the existing credential.

Default Value:

AWS.EC2MetadataCredentials.originalExpiration = undefined

Method Details

refresh(callback) ⇒ void

Loads the credentials from the instance metadata service

Callback (callback):

  • function(err) { ... }

    Called when the instance metadata service responds (or fails). When this callback is called with no error, it means that the credentials information has been loaded into the object (as the accessKeyId, secretAccessKey, and sessionToken properties).


    • err (Error)

      if an error occurred, this value will be filled

See Also:

  • AWS.EC2MetadataCredentials.get