EC2 / Client / modify_instance_metadata_options

modify_instance_metadata_options#

EC2.Client.modify_instance_metadata_options(**kwargs)#

Modify the instance metadata parameters on a running or stopped instance. When you modify the parameters on a stopped instance, they are applied when the instance is started. When you modify the parameters on a running instance, the API responds with a state of “pending”. After the parameter modifications are successfully applied to the instance, the state of the modifications changes from “pending” to “applied” in subsequent describe-instances API calls. For more information, see Instance metadata and user data in the Amazon EC2 User Guide.

See also: AWS API Documentation

Request Syntax

response = client.modify_instance_metadata_options(
    InstanceId='string',
    HttpTokens='optional'|'required',
    HttpPutResponseHopLimit=123,
    HttpEndpoint='disabled'|'enabled',
    DryRun=True|False,
    HttpProtocolIpv6='disabled'|'enabled',
    InstanceMetadataTags='disabled'|'enabled'
)
Parameters:
  • InstanceId (string) –

    [REQUIRED]

    The ID of the instance.

  • HttpTokens (string) –

    IMDSv2 uses token-backed sessions. Set the use of HTTP tokens to optional (in other words, set the use of IMDSv2 to optional) or required (in other words, set the use of IMDSv2 to required).

    • optional - When IMDSv2 is optional, you can choose to retrieve instance metadata with or without a session token in your request. If you retrieve the IAM role credentials without a token, the IMDSv1 role credentials are returned. If you retrieve the IAM role credentials using a valid session token, the IMDSv2 role credentials are returned.

    • required - When IMDSv2 is required, you must send a session token with any instance metadata retrieval requests. In this state, retrieving the IAM role credentials always returns IMDSv2 credentials; IMDSv1 credentials are not available.

    Default: optional

  • HttpPutResponseHopLimit (integer) –

    The desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel. If no parameter is specified, the existing state is maintained.

    Possible values: Integers from 1 to 64

  • HttpEndpoint (string) –

    Enables or disables the HTTP metadata endpoint on your instances. If this parameter is not specified, the existing state is maintained.

    If you specify a value of disabled, you cannot access your instance metadata.

  • DryRun (boolean) – Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

  • HttpProtocolIpv6 (string) – Enables or disables the IPv6 endpoint for the instance metadata service. This setting applies only if you have enabled the HTTP metadata endpoint.

  • InstanceMetadataTags (string) –

    Set to enabled to allow access to instance tags from the instance metadata. Set to disabled to turn off access to instance tags from the instance metadata. For more information, see Work with instance tags using the instance metadata.

    Default: disabled

Return type:

dict

Returns:

Response Syntax

{
    'InstanceId': 'string',
    'InstanceMetadataOptions': {
        'State': 'pending'|'applied',
        'HttpTokens': 'optional'|'required',
        'HttpPutResponseHopLimit': 123,
        'HttpEndpoint': 'disabled'|'enabled',
        'HttpProtocolIpv6': 'disabled'|'enabled',
        'InstanceMetadataTags': 'disabled'|'enabled'
    }
}

Response Structure

  • (dict) –

    • InstanceId (string) –

      The ID of the instance.

    • InstanceMetadataOptions (dict) –

      The metadata options for the instance.

      • State (string) –

        The state of the metadata option changes.

        pending - The metadata options are being updated and the instance is not ready to process metadata traffic with the new selection.

        applied - The metadata options have been successfully applied on the instance.

      • HttpTokens (string) –

        IMDSv2 uses token-backed sessions. Indicates whether the use of HTTP tokens is optional (in other words, indicates whether the use of IMDSv2 is optional) or required (in other words, indicates whether the use of IMDSv2 is required).

        • optional - When IMDSv2 is optional, you can choose to retrieve instance metadata with or without a session token in your request. If you retrieve the IAM role credentials without a token, the IMDSv1 role credentials are returned. If you retrieve the IAM role credentials using a valid session token, the IMDSv2 role credentials are returned.

        • required - When IMDSv2 is required, you must send a session token with any instance metadata retrieval requests. In this state, retrieving the IAM role credentials always returns IMDSv2 credentials; IMDSv1 credentials are not available.

        Default: optional

      • HttpPutResponseHopLimit (integer) –

        The desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel.

        Default: 1

        Possible values: Integers from 1 to 64

      • HttpEndpoint (string) –

        Indicates whether the HTTP metadata endpoint on your instances is enabled or disabled.

        If the value is disabled, you cannot access your instance metadata.

      • HttpProtocolIpv6 (string) –

        Indicates whether the IPv6 endpoint for the instance metadata service is enabled or disabled.

      • InstanceMetadataTags (string) –

        Indicates whether access to instance tags from the instance metadata is enabled or disabled. For more information, see Work with instance tags using the instance metadata.