Every EC2 instance has its unique ID, which can be used to locate the instance from a list. The name of the instance can be used repeatedly, and it can create doubt about your instance. Locating your instance from a bunch of other instances can get tricky sometimes.

It is very easy to fetch your instance ID from the metadata of the EC2 instance. There are two different methods of fetching the instance ID and both these methods will be covered in this article.

This article contains the following sections:

  1. Fetching the AWS EC2 Instance ID from inside the Instance
  2. Fetching the AWS EC2 Instance ID from the EC2 Management Console

Fetching the AWS EC2 Instance ID From Inside the Instance

To fetch the AWS EC2 instance ID, you must first connect to the EC2 instance. For that, you simply need to copy the command from the “Connect” page and paste it on the command prompt. Then change the path of the key pair file from your PC then simply press enter, and you will be connected to the EC2 instance:

ssh -i "my-key-pair.pem" ec2-user@ec2-198-51-100-1.compute-1.amazonaws.com

The AWS EC2 instance ID will be stored in the metadata, and to fetch the instance ID, you need to check into the metadata. For that, simply type the following command:

curl http://169.254.169.254/latest/meta-data

This command will show you the list of all the metadata from where you can locate the EC2 instance ID:

ami-id
ami-launch-index
ami-manifest-path
block-device-mapping/
events/
hostname
identity-credentials/
instance-action
instance-id
instance-life-cycle
instance-type
local-hostname
local-ipv4
mac
metrics/
network/
placement/
profile
public-hostname
public-ipv4
public-keys/
reservation-id
security-groups
services/

To fetch the EC2 instance ID simply type the following command:

curl http://169.254.169.254/latest/meta-data/instance-id

This command will fetch you the EC2 instance ID.

i-0c2b61705d718e123456

You have successfully fetched the EC2 instance ID from inside the instance. Now let‘s talk about how to fetch the AWS EC2 instance ID from the EC2 management console.

Fetching the AWS EC2 Instance ID From the EC2 Management Console

To fetch the instance ID using the EC2 console, you need to click on the “Instances” tab from the left panel and you will get the instance ID in the list of the instances:

EC2 Instance List

You can also get your instance ID by clicking on the instance and scrolling down in the “Details” section. You can copy the instance ID from this section:

EC2 Instance Details

You have successfully fetched the EC2 instance ID from the AWS EC2 management console.

Programmatic Access to Instance Metadata

In addition to using CLI tools like curl, you can also access EC2 instance metadata programmatically from within the instance itself. Every EC2 instance runs an metadata service locally that you can query for information.

Here is an example using Python:

import requests 

metadata_url = "http://169.254.169.254/latest/meta-data/"

instance_id = requests.get(metadata_url + "instance-id").text
print(instance_id)

This makes a simple HTTP request to the metadata service to fetch the instance ID. The same approach works for fetching any other metadata attributes as well.

Some key things to note about the instance metadata service:

  • It‘s only accessible from within the instance itself, you cannot query it externally
  • It‘s available at the fixed IP address 169.254.169.254
  • It‘s exposed via a simple HTTP interface, no authentication required

So from within your application/code running on an EC2 instance, the metadata service provides a handy way to get information about that specific instance.

Using Instance Metadata to Configure Applications

One useful application of the EC2 instance metadata service is to automatically configure applications when they start up on an instance.

For example, let‘s say you want to configure a log file for your app with the instance ID embedded in the filename.

Here is sample Python code to demonstrate:

import requests
import logging
import os

log_dir = "/var/log/my-app/"

if not os.path.exists(log_dir):
    os.mkdir(log_dir)

instance_id = requests.get("http://169.254.169.254/latest/meta-data/instance-id").text

log_file = os.path.join(log_dir, f"{instance_id}.log")

logging.basicConfig(filename=log_file, level=logging.INFO)
logging.info("Application started")

This code fetches the instance ID from metadata and constructs a log file path to include it. That way each EC2 instance will write logs to its own file automatically without you having to configure it manually.

This demonstrates just one example, but in practice you could configure database connections, service discovery, secrets, and many other aspects of your app based on the information exposed in instance metadata.

Security Considerations for Instance Metadata

Since instance metadata is available via HTTP without authentication inside every EC2 instance, you need to be careful about how it is used:

Use cases to avoid:

  • Storing secrets/credentials in user data or metadata that could be retrieved via the metadata service
  • Making sensitive instance data or configurations accessible in the metadata service

Best practices:

  • Use IAM roles for applications to get AWS credentials, rather than putting secrets in metadata
  • Only use metadata service for public, non-sensitive instance data
  • Fetch data on demand when needed rather than caching metadata
  • Use local firewall rules or security groups to block access to 169.254.169.254 from untrusted containers/code

By following security best practices, you can securely take advantage of the convenient capabilities of EC2 instance metadata service.

Checking Metadata Service Availability

Because your application relies on the metadata service being available, you should check for availability before trying to fetch metadata:

$ curl -Is http://169.254.169.254

HTTP/1.1 200 OK
Content-Type: text/html; charset=iso-8859-1
Content-Length: 121
Connection: close
Server: AmazonEC2ws
Date: Wed, 15 Feb 2023 21:00:00 GMT

This makes a HEAD request which will return HTTP status 200 if the service is running.

If you get connection timeouts, failures, or non-200 status then you should fail gracefully – perhaps by retrying a few times or eventually erroring out.

Handling Credential Expiration

If you are using IAM roles to fetch temporary credentials via metadata service, keep in mind those credentials can expire:

from botocore.exceptions import CredentialRetrievalError

try:
  # request credentials via metadata service  
except CredentialRetrievalError:
  # triggered if credentials expired

  # retry requesting credentials

Catching CredentialRetrievalError lets you retry if currently cached credentials become invalid.

Or you could check the Expiration field on the credentials object to actively refresh them before they expire.

Metadata Route Table

The full metadata route table contains the available data categories:

Route Description
/latest/meta-data/ Root route, lists available categories
/latest/meta-data/ami-id The AMI ID used to launch the instance
/latest/meta-data/reservation-id ID of reservation for the instance
/latest/meta-data/hostname Instance host name set in config
/latest/meta-data/public-hostname Instance public DNS name
/latest/meta-data/instance-id Unique EC2 instance ID
/latest/meta-data/instance-type Instance type (m4.large, etc)
/latest/meta-data/local-ipv4 Private IP address
/latest/meta-data/public-ipv4 Public IP address
/latest/meta-data/mac Instance network interface MAC address
/latest/meta-data/network/interfaces/macs/ MAC addresses for all ENIs attached to instance
/latest/meta-data/iam/security-credentials/role-name IAM role credentials, if assigned
/latest/user-data User data script passed at launch, if given

This covers most of the commonly used metadata attributes. Consult AWS documentation for additional details.

Summary

Key takeaways on accessing EC2 instance metadata:

  • Instance metadata exposes useful data about an instance
  • It‘s available via a simple HTTP service at 169.254.169.254
  • Use curl or programming languages for easy access
  • Helps enable dynamic configuration based on instance data
  • Carefully manage security aspects around metadata

Following the best practices outlined here allows you to build dynamic, self-configuring applications that adapt based on the EC2 instance they are running on.

The instance metadata service is a valuable tool when working with EC2 instances!

Related posts:

  1. How to List S3 Buckets Using AWS CLI: A Developer‘s Guide
  2. Unleash the Power of Redshift LISTAGG Function
  3. How to Batch Delete in DynamoDB
  4. A Full-Stack Developer‘s Guide to Amazon EBS Volume Types
  5. Unlocking Faster Percentile Analytics with Redshift‘s APPROXIMATE PERCENTILE_DISC
  6. How to Monitor, Predict, and Increase Disk Space on an AWS EC2 Instance
  7. Comparing Amazon EC2 and EMR for Cluster Computing: An In-Depth Technical Analysis
  8. The Essential Guide to Installing AWS CLI on Windows with Chocolatey

Similar Posts