EC2 Instance Metadata Flashcards

1
Q

What is EC2 Instance Metadata?

A

EC2 Instance Metadata is data about your instance that you can use to configure or manage the running instance. Metadata includes details such as the instance ID, public keys, and network information.

2
Q

How can you access EC2 Instance Metadata?

A

You can access EC2 Instance Metadata from an instance itself by querying a special URL: http://169.254.169.254/latest/meta-data/. This URL is accessible only from within the instance.

3
Q

What kind of information can you retrieve from EC2 Instance Metadata?

A

You can retrieve a wide range of information such as instance ID, instance type, AMI ID, network information, security groups, and more.

4
Q

Why is EC2 Instance Metadata useful?

A

EC2 Instance Metadata is useful for automating and configuring tasks within an instance without needing to hard-code data. It allows scripts and applications to adapt based on the environment they’re in.

5
Q

How do you query for the instance ID using Instance Metadata?

A

To query for the instance ID, you would use a command like curl http://169.254.169.254/latest/meta-data/instance-id from within the instance.

6
Q

What is Instance User Data?

A

Instance User Data is data that is provided when launching an EC2 instance. It can be used to perform automatic configurations, run scripts, or pass data into an instance upon startup.

7
Q

Is it secure to retrieve sensitive information from EC2 Instance Metadata?

A

While EC2 Instance Metadata can be accessed without authentication from within the instance, AWS has introduced IMDSv2, which requires a session token, enhancing the security for accessing the metadata service.

8
Q

How does IMDSv2 improve the security of accessing EC2 Instance Metadata?

A

IMDSv2 enhances security by requiring a session token obtained through a PUT request to access metadata. This mechanism helps protect against certain types of attacks, such as SSRF (Server-Side Request Forgery).

9
Q

Can you disable access to EC2 Instance Metadata?

A

Yes, access to EC2 Instance Metadata can be disabled or restricted at the launch of an instance or by modifying the instance’s IAM role policies to limit the type of information accessible via the metadata service.

10
Q

What is the difference between EC2 Instance Metadata and User Data?

A

Instance Metadata provides information about a running instance, whereas User Data is supplied data that can be used by the instance when it boots for the first time. Metadata is queryable at any time from within the instance, while User Data is typically only retrieved and used during the initial boot process.
