Unable to curl my EC2 instance to get my EC2 instance information

Question

I am trying to follow these Instance Metadata and User Data documentation.

I am trying to curl my EC2 instance but for some reason it give me connection refused. I have allowed incoming requests for HTTP and SSH, and allowed all traffic for outgoing traffic in my security group. I am able to ssh in its but unable to curl.

What am I missing?

Answer 1

Posting this to avoid other people finding this via google search getting confused.

@John Rotenstein's Answer was 100% correct back in the past,
(it's accurate for V1 of the metadata service.)

In 2024 EC2 instances now use V2 of the metadata service.
So the command, shared by John, will fail if tried today.

# If you add the -v --verbose flag
# Or the -i --include flag
curl -v  http://169.254.169.254/latest/
curl -i  http://169.254.169.254/latest/
# You'll see HTTP/1.1 401 Unauthorized

The following works with the newer v2 of the metadata URL

export TOKEN=$(curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")

echo $TOKEN

curl -H "X-aws-ec2-metadata-token: $TOKEN" -i http://169.254.169.254/latest/
# ^-- now says HTTP/1.1 200 OK

# A nice shorthand hack to make v2 feel like v1
# (that's probably best done in the active shell only)
# and not in a .bashrc or .zshrc file
alias curl='curl -H "X-aws-ec2-metadata-token: $TOKEN"'
curl -i http://169.254.169.254/latest/
# ^-- now says HTTP/1.1 200 OK

Answer 2

Thanks John,

Was breaking my head why my curl's were not retrieving the medatada. Was very helpful.

If the instance has IMDSv2 enabled, we should go with the token approach to retrieve the data.

Answer 3

The Amazon EC2 instance metadata service is available from within the Amazon EC2 instance itself, via this URL:

curl http://169.254.169.254/latest/meta-data/