My Amazon Elastic Compute Cloud (Amazon EC2) Windows instance is unable to retrieve instance metadata. How can I fix this?
Resolution
My EC2 instance in a VPC is inaccessible and failing instance status checks
Attach a second elastic network interface to the instance to provide the needed route and a valid IP address. This allows you to:
- Access the EC2 instance on the second network interface.
- Resolve issues with the networking configuration of the primary network interface.
Note: If you plan to change the instance type when adding a second network interface, you must check the Compatibility for changing the instance type.
My EC2 instance is passing both status checks and is accessible
First, run the route print command from PowerShell or CMD. Review the output to confirm if there is a route similar to the following:
Network Address Netmask Gateway Address
169.254.169.254 255.255.255.255 <Subnet Router Address>
Note: It's a best practice to back up your Elastic Block Storage (Amazon EBS) volume and route table before proceeding.
If the route isn't present or the Gateway Address doesn't match that of the current subnet, then follow these steps:
- Confirm that the latest version of EC2Config (Windows Server 2012R2 and earlier) or EC2Launch (Windows Server 2016 or later) is installed on the instance.
- To apply the route to the instance, restart the EC2Config service, or run the following command from an elevated PowerShell session:
Import-Module c:\ProgramData\Amazon\EC2-Windows\Launch\Module\Ec2Launch.psm1 ; Add-Routes
If the route exists, but the instance is still unable to retrieve metadata, then review your instance’s Windows Firewall, third-party firewall, or antivirus configuration. Confirm that traffic to 169.254.169.254 isn’t explicitly denied.
Related information
Instance metadata and user data
Creating a network interface
Waiting for the metadata service