This is a simple utility to set the EC2 Instance Metadata Service default settings for an account across all active regions.

On March 25, 2024, AWS announced that users can now configure defaults for the Instance Metadata Service at the account level. Normally, this would involve going into the EC2 console for each region and manually changing the settings, or running the modify-instance-metadata-defaults CLI command for each region that was introduced in version 2.15.33 of the AWS CLI.

This script aims to automate that process. It makes use of your AWS credentials that are passed to boto3 to authenticate to an account and then issue the command to change the default metadata settings in each region in that account.

By default, the script will only change two defaults:

1. It will change the Metadata version to **V2 only (token required)
2. It will change the Metadata response hop limit to 2

You can override either value by passing in the parameter and the desired value to the set_metadata_defaults function. You can also set values for the Instance Metadata Service setting (which enables or disables the IMDS endpoint by default) and the Access to tags in Metadata. For more information on these settings, reference the Boto3 documentation for modify_instance_metadata_defaults.

1. Your Boto3 version must be 1.34.70 or later, which added support for ModifyInstanceMetadataDefaults.