AWS::EC2::LaunchTemplate MetadataOptions
The metadata options for the instance. For more information, see Instance metadata and user data in the Amazon EC2 User Guide.
MetadataOptions
is a property of AWS::EC2::LaunchTemplate LaunchTemplateData.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "HttpEndpoint" :
String
, "HttpProtocolIpv6" :String
, "HttpPutResponseHopLimit" :Integer
, "HttpTokens" :String
, "InstanceMetadataTags" :String
}
YAML
HttpEndpoint:
String
HttpProtocolIpv6:String
HttpPutResponseHopLimit:Integer
HttpTokens:String
InstanceMetadataTags:String
Properties
HttpEndpoint
-
Enables or disables the HTTP metadata endpoint on your instances. If the parameter is not specified, the default state is
enabled
.Note If you specify a value of
disabled
, you will not be able to access your instance metadata.Required: No
Type: String
Allowed values:
disabled | enabled
Update requires: No interruption
HttpProtocolIpv6
-
Enables or disables the IPv6 endpoint for the instance metadata service.
Default:
disabled
Required: No
Type: String
Allowed values:
disabled | enabled
Update requires: No interruption
HttpPutResponseHopLimit
-
The desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel.
Default:
1
Possible values: Integers from 1 to 64
Required: No
Type: Integer
Update requires: No interruption
HttpTokens
-
IMDSv2 uses token-backed sessions. Set the use of HTTP tokens to
optional
(in other words, set the use of IMDSv2 tooptional
) orrequired
(in other words, set the use of IMDSv2 torequired
).-
optional
- When IMDSv2 is optional, you can choose to retrieve instance metadata with or without a session token in your request. If you retrieve the IAM role credentials without a token, the IMDSv1 role credentials are returned. If you retrieve the IAM role credentials using a valid session token, the IMDSv2 role credentials are returned. -
required
- When IMDSv2 is required, you must send a session token with any instance metadata retrieval requests. In this state, retrieving the IAM role credentials always returns IMDSv2 credentials; IMDSv1 credentials are not available.
Default:
optional
Required: No
Type: String
Allowed values:
optional | required
Update requires: No interruption
-
InstanceMetadataTags
-
Set to
enabled
to allow access to instance tags from the instance metadata. Set todisabled
to turn off access to instance tags from the instance metadata. For more information, see Work with instance tags using the instance metadata.Default:
disabled
Required: No
Type: String
Allowed values:
disabled | enabled
Update requires: No interruption