Introduction to the Metadata Service

Every EC2 instance has access to something called the instance metadata service (IMDS). This contains (surprise) metadata about that specific EC2 instance.

How to Access the Metadata Service

The metadata service is reachable only from inside the instance, over plain HTTP at the link-local address http://169.254.169.254/latest/meta-data/ (no authentication at all in version 1). The response is a newline-separated listing; every entry that ends in a slash is a directory you can append to the URL and keep walking, which is why a single SSRF that can reach that address is enough to enumerate the whole tree.

IMDSv2

Version two of the metadata service adds protections against SSRF: every request must carry a session token, and the token can only be obtained with a PUT request (which most SSRF primitives cannot issue) that sets a TTL header of at most 21600 seconds, i.e. six hours. The PUT response is also sent with an IP TTL of 1 by default, so a token request relayed from a container or proxy one hop further away never sees its answer, and token requests carrying an X-Forwarded-For header are refused. Note that IMDSv1 stays enabled alongside v2 unless the instance's metadata options set HttpTokens to required, so on a default instance the token is optional and the old token-less GET still works. You can access v2 as follows.

user@host:~$ TOKEN=$(curl -s -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600") \
&& curl -H "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/meta-data/

What Does the Metadata Service Contain?

The following descriptions are taken from the AWS EC2 documentation's list of instance metadata categories. The list is not exhaustive, and some entries (the iam/ ones in particular) only appear when the instance has the corresponding feature configured.

Endpoint
    Description

ami-id
    The AMI ID used to launch the instance.

ami-launch-index
    If you started more than one instance at the same time, this value indicates the order in which the instance was launched. The value of the first instance launched is 0.

ami-manifest-path
    The path to the AMI manifest file in Amazon S3. If you used an Amazon EBS-backed AMI to launch the instance, the returned result is unknown.

hostname
    The private IPv4 DNS hostname of the instance. In cases where multiple network interfaces are present, this refers to the eth0 device (the device for which the device number is 0).

iam/info
    If there is an IAM role associated with the instance, contains information about the last time the instance profile was updated, including the instance's LastUpdated date, InstanceProfileArn, and InstanceProfileId. Otherwise, not present.

iam/security-credentials/role-name
    If there is an IAM role associated with the instance, a GET on iam/security-credentials/ returns role-name (the name of the role), and iam/security-credentials/role-name returns the temporary security credentials for that role as JSON (AccessKeyId, SecretAccessKey, Token and Expiration). Otherwise, not present. Anyone who can read this path, including through an SSRF, can call the AWS API as the instance's role until those credentials expire, which is why this is the first thing to pull from a compromised instance and the first thing to lock down.

identity-credentials/ec2/info
    [Internal use only] Information about the credentials in identity-credentials/ec2/security-credentials/ec2-instance. These credentials are used by AWS features such as EC2 Instance Connect, and do not have any additional AWS API permissions or privileges beyond identifying the instance.

instance-id
    The ID of this instance.

local-hostname
    The private IPv4 DNS hostname of the instance. In cases where multiple network interfaces are present, this refers to the eth0 device (the device for which the device number is 0).

local-ipv4
    The private IPv4 address of the instance. In cases where multiple network interfaces are present, this refers to the eth0 device (the device for which the device number is 0).

public-hostname
    The instance's public DNS. This category is only returned if the enableDnsHostnames attribute is set to true.

public-ipv4
    The public IPv4 address. If an Elastic IP address is associated with the instance, the value returned is the Elastic IP address.

public-keys/0/openssh-key
    Public key. Only available if supplied at instance launch time.

security-groups
    The names of the security groups applied to the instance.
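The IMDSv2 token exchange from the section above and the iam/security-credentials walk from the table, as an added example that is not code from the original page or from AWS. It runs the same client against a constructed stand-in for the metadata service (FakeIMDS, with made-up instance data and a credentials document whose field names are the real ones but whose values are invented) so it works offline and can model the three v2 behaviours that matter for SSRF: token-less GETs rejected when HttpTokens is required, PUT responses lost past the hop limit, and proxied PUTs refused. Pass http_fetch instead of the fake fetcher to run it on a real instance.

```python
# Added example (not code from the original page or from AWS): a client for the
# IMDSv2 token exchange and the iam/security-credentials lookup, exercised against
# a constructed stand-in for the metadata service so it runs offline. On a real
# instance, pass http_fetch instead of the fake fetcher.
import json
import urllib.error
import urllib.request

IMDS = "http://169.254.169.254"
TTL_HEADER = "X-aws-ec2-metadata-token-ttl-seconds"
TOKEN_HEADER = "X-aws-ec2-metadata-token"
MAX_TTL = 21600  # six hours, the largest TTL IMDSv2 accepts

# Constructed sample of what iam/security-credentials/<role> returns; the field
# names are the real ones, the values are made up.
SAMPLE_CREDS = {"Code": "Success", "LastUpdated": "2024-01-01T00:00:00Z",
                "Type": "AWS-HMAC", "AccessKeyId": "ASIAEXAMPLEKEY",
                "SecretAccessKey": "example-secret", "Token": "example-session",
                "Expiration": "2024-01-01T06:00:00Z"}

class FakeIMDS:
    """Model of IMDS behaviour for offline use; hypothetical instance data."""

    def __init__(self, tokens_required, hop_limit=1):
        self.tokens_required = tokens_required  # HttpTokens=required vs optional
        self.hop_limit = hop_limit              # HttpPutResponseHopLimit, default 1
        self.tokens = set()
        self.data = {
            "/latest/meta-data/": "ami-id\niam/\ninstance-id\n",
            "/latest/meta-data/instance-id": "i-0123456789abcdef0",
            "/latest/meta-data/iam/security-credentials/": "example-role",
            "/latest/meta-data/iam/security-credentials/example-role": json.dumps(SAMPLE_CREDS),
        }

    def handle(self, method, path, headers, hops):
        if method == "PUT" and path == "/latest/api/token":
            if "X-Forwarded-For" in headers:    # IMDS refuses proxied token requests
                return 403, ""
            ttl = headers.get(TTL_HEADER, "")
            if not ttl.isdigit() or not 1 <= int(ttl) <= MAX_TTL:
                return 400, ""
            if hops > self.hop_limit:           # response IP TTL expires in transit
                raise TimeoutError("no response to PUT")
            token = f"tok-{len(self.tokens)}"
            self.tokens.add(token)
            return 200, token
        if method != "GET":
            return 405, ""
        token = headers.get(TOKEN_HEADER)
        bad_token = token is not None and token not in self.tokens
        if (token is None and self.tokens_required) or bad_token:
            return 401, ""                      # token-less (v1-style) or bogus token
        body = self.data.get(path)
        return (200, body) if body is not None else (404, "")

def fake_fetch(server, hops=1):
    """fetch(method, url, headers) -> (status, body) over the fake, `hops` IP hops away."""
    return lambda method, url, headers: server.handle(method, url[len(IMDS):], headers, hops)

def http_fetch(method, url, headers):
    """Same interface against the real service; urllib raises on non-2xx."""
    req = urllib.request.Request(url, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=2) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, ""

def get_token(fetch, ttl=MAX_TTL):
    status, body = fetch("PUT", f"{IMDS}/latest/api/token", {TTL_HEADER: str(ttl)})
    if status != 200:
        raise RuntimeError(f"token request failed with HTTP {status}")
    return body

def get_metadata(fetch, path, token=None):
    headers = {TOKEN_HEADER: token} if token else {}
    return fetch("GET", f"{IMDS}/latest/meta-data/{path}", headers)

def imdsv1_reachable(fetch):
    """True when a token-less GET succeeds, i.e. HttpTokens is still 'optional'."""
    return get_metadata(fetch, "instance-id")[0] == 200

def token_obtainable(fetch):
    """False when the PUT response never arrives (caller is past the hop limit)."""
    try:
        get_token(fetch)
        return True
    except TimeoutError:
        return False

def get_role_credentials(fetch, token):
    """Walk iam/security-credentials/ to the role's temporary keys, or None if no role."""
    status, role = get_metadata(fetch, "iam/security-credentials/", token)
    if status != 200 or not role.strip():
        return None
    status, body = get_metadata(fetch, f"iam/security-credentials/{role.strip()}", token)
    return json.loads(body) if status == 200 else None

if __name__ == "__main__":
    hardened = fake_fetch(FakeIMDS(tokens_required=True))
    tok = get_token(hardened)
    print("IMDSv1 still answers:", imdsv1_reachable(hardened))
    print("instance-id:", get_metadata(hardened, "instance-id", tok)[1])
    print("role key:", get_role_credentials(hardened, tok)["AccessKeyId"])
    print("token from two hops away:", token_obtainable(fake_fetch(FakeIMDS(True), hops=2)))
```

On a real instance, imdsv1_reachable(http_fetch) is the check worth running: if it returns True the token is decorative and any SSRF reaching 169.254.169.254 gets the role credentials; the fix is `aws ec2 modify-instance-metadata-options --instance-id <id> --http-tokens required`. The hop-limit case is the other side of that coin: workloads in containers on a bridge network sit one hop further away and will see their PUT time out, and the usual answer is to raise `--http-put-response-hop-limit` to 2 only on those instances rather than to re-enable v1.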