Why does my Amazon EC2 Windows instance generate a "Waiting for the metadata service" error?

Last updated: 2020-12-14

My Amazon Elastic Compute Cloud (Amazon EC2) Windows instance is unable to retrieve instance metadata. How can I fix this?

Resolution

My EC2 instance in a VPC is inaccessible and failing instance status checks

Attach a second elastic network interface to the instance to provide the needed route and a valid IP address. This allows you to:

Access the EC2 instance on the second network interface.
Resolve issues with the networking configuration of the primary network interface.

My EC2 instance is passing both status checks and is accessible

First, run the route print command from PowerShell or CMD. Review the output to confirm if there is a route similar to the following:

Network Address Netmask          Gateway Address
169.254.169.254  255.255.255.255  <Subnet Router Address>

If the route isn't present or the Gateway Address doesn't match that of the current subnet, then follow these steps:

Confirm that the latest version of EC2Config (Windows Server 2012R2 and earlier) or EC2Launch (Windows Server 2016 or later) is installed on the instance.
To apply the route to the instance, restart the EC2Config service, or run the following command from an elevated PowerShell session:

Import-Module c:\ProgramData\Amazon\EC2-Windows\Launch\Module\Ec2Launch.psm1 ; Add-Routes

If the route exists, but the instance is still unable to retrieve metadata, then review your instance’s Windows Firewall, third-party firewall, or antivirus configuration. Confirm that traffic to 169.254.169.254 isn’t explicitly denied.

Related information

Instance metadata and user data

Creating a network interface

Waiting for the metadata service

Did this article help?

Submit feedback

Do you need billing or technical support?

Contact AWS Support