A sample exam question tests whether you know how to retrieve instance metadata from within an Amazon EC2 instance. Metadata provides configuration details such as the instance ID, the AMI used, the security groups, and the attached IAM role. The trap is remembering the correct link-local address used to query metadata.
Let’s walk through a sample scenario, break down why the link-local address is the right answer, and summarize with cheat sheets, exam tips, and highlights.
Scenario
A company’s operations team needs to quickly check the configuration details of a Linux-based Amazon EC2 instance.
The solutions architect must identify the command that retrieves system metadata, including:
Instance ID and AMI ID
Security groups
Networking details
IAM role associated with the instance
Solution – Use the Link-Local Address (169.254.169.254)
To retrieve instance metadata, the architect runs:
curl http://169.254.169.254/latest/meta-data/
169.254.169.254 is a link-local address, accessible only from within the instance.
The /latest/meta-data/ path exposes configuration and networking details.
Metadata cannot be retrieved from localhost, 192.168.x.x, or any public IP.
This ensures secure, scoped access to instance-specific information.
Cheat Sheet: EC2 Instance Metadata Service (IMDS)
Feature | Details | Exam Clue |
---|---|---|
Address | 169.254.169.254 | Correct IP for metadata queries |
Path | /latest/meta-data/ | Used to access metadata categories |
Data Available | Instance ID, AMI ID, security groups, IAM role, networking info | “Retrieve instance details” = metadata service |
Access | From inside the instance only | Not accessible from outside |
IMDSv2 | Token-based, more secure | Exam may mention security requirements |
Cheat Sheet: Common Wrong Answers
Option | Why Wrong |
---|---|
localhost (127.0.0.1) | Checks loopback, metadata not available |
192.168.x.x | Private subnet range, not metadata service |
254.169.254.169 | Wrong format — metadata requires 169.254.169.254 |
Exam Tips
Exam Tip | Key Point | Why It Matters |
---|---|---|
Metadata = 169.254.169.254 | Only valid link-local address | Most common exam trap |
Metadata ≠ Localhost | 127.0.0.1 won’t work | Easy distractor |
Metadata ≠ VPC CIDR | 192.168.x.x is private, not metadata | Eliminate fast |
IMDSv2 = Security Upgrade | Token required | Expect this in real-world, but exam often tests v1 basics |
Exam Highlights
EC2 metadata is retrievable only inside the instance.
IMDSv2 (token-based) adds security, but 169.254.169.254 remains the access point.
Exam keywords: “retrieve instance details,” “curl,” “metadata service.”
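The IMDSv2 token flow named in the cheat sheet and exam tips above, as an added example (not code from the original article): a session token is requested with PUT and then sent as a header on each metadata GET, and a token-less probe shows whether the instance still answers IMDSv1-style requests. The function names, the 2-second timeout and the `base` parameter are assumptions made for this example.

```python
"""IMDSv2 flow: PUT for a session token, then GET metadata with that token."""
import urllib.error
import urllib.request

IMDS_BASE = "http://169.254.169.254"  # link-local address from the article
TOKEN_TTL_SECONDS = 21600             # assumed TTL: 6 hours, the IMDSv2 maximum

# Link-local traffic must not go through a proxy, so ignore *_proxy variables.
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def get_token(base=IMDS_BASE, ttl=TOKEN_TTL_SECONDS, timeout=2):
    """Step 1: PUT /latest/api/token returns a session token as plain text."""
    req = urllib.request.Request(
        f"{base}/latest/api/token", method="PUT",
        headers={"X-aws-ec2-metadata-token-ttl-seconds": str(ttl)})
    with _opener.open(req, timeout=timeout) as resp:
        return resp.read().decode()


def get_metadata(path, token=None, base=IMDS_BASE, timeout=2):
    """Step 2: GET a metadata path. token=None sends an IMDSv1-style request."""
    headers = {"X-aws-ec2-metadata-token": token} if token else {}
    req = urllib.request.Request(f"{base}/latest/meta-data/{path}", headers=headers)
    with _opener.open(req, timeout=timeout) as resp:
        return resp.read().decode()


def imds_mode(base=IMDS_BASE):
    """Return 'required' if token-less requests are rejected, else 'optional'."""
    try:
        get_metadata("instance-id", base=base)
        return "optional"       # IMDSv1 still answered: IMDSv2 is not enforced
    except urllib.error.HTTPError as err:
        if err.code == 401:     # IMDS answers 401 when a token is mandatory
            return "required"
        raise


if __name__ == "__main__":      # run on an EC2 instance
    token = get_token()
    for item in ("instance-id", "ami-id", "security-groups", "iam/info"):
        try:
            print(f"{item}: {get_metadata(item, token)}")
        except urllib.error.HTTPError as err:   # e.g. 404 when no role is attached
            print(f"{item}: HTTP {err.code}")
    print("IMDSv2:", imds_mode())
```

An instance that reports "optional" still accepts the plain curl request shown earlier; "required" means only the token flow works.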