Why does my Amazon EC2 Windows instance generate a "Waiting for the metadata service" error?

Resolution

My EC2 instance in a VPC is inaccessible and failing instance status checks

Attach a second elastic network interface to the instance to provide the needed route and a valid IP address. This allows you to:

• Access the EC2 instance on the second network interface.
• Resolve issues with the networking configuration of the primary network interface.

Note: If you plan to change the instance type when adding a second network interface, you must check the Compatibility for changing the instance type.

My EC2 instance is passing both status checks and is accessible

First, run the route print command from PowerShell or CMD. Review the output to confirm if there is a route similar to the following:

Network Address Netmask          Gateway Address
169.254.169.254  255.255.255.255  <Subnet Router Address>

Note: It's a best practice to back up your Elastic Block Storage (Amazon EBS) volume and route table before proceeding.

If the route isn't present or the Gateway Address doesn't match that of the current subnet, then follow these steps:

1. Confirm that the latest version of EC2Config (Windows Server 2012R2 and earlier) or EC2Launch (Windows Server 2016 or later) is installed on the instance.
2. To apply the route to the instance, restart the EC2Config service, or run the following command from an elevated PowerShell session:

Import-Module c:\ProgramData\Amazon\EC2-Windows\Launch\Module\Ec2Launch.psm1 ; Add-Routes

If the route exists, but the instance is still unable to retrieve metadata, then review your instance’s Windows Firewall, third-party firewall, or antivirus configuration. Confirm that traffic to 169.254.169.254 isn’t explicitly denied.

Related information

Instance metadata and user data

Creating a network interface

Waiting for the metadata service