Move AWS EC2 instance to another subnet or availability zone

Posted byLaszlo Pinter Leave a comment on Move AWS EC2 instance to another subnet or availability zone

When we move an EC2 instance from one subnet to another or to another availability zone the EC2 Metadata Service stops working on the instance. We get the error message:

Unable to get IAM security credentials from EC2 Instance Metadata Service.

To enable the EC2 Metadata Service again, we need to update the routing configuration on the instance. Follow the steps at

https://aws.amazon.com/premiumsupport/knowledge-center/waiting-for-metadata/

As a summary:

Check the Gateway Address matches the IP address range of the subnet. In a PowerShell window execute:

route print

Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
  169.254.169.254  255.255.255.255      10.254.79.1      15

It should belong to the IPv4 CIDR of the subnet

If the Gateway Address does not belong to the IP address range of the subnet

  1. Confirm that the latest version of EC2Config (Windows Server 2012R2 and earlier) or EC2Launch (Windows Server 2016 or later) is installed on the instance.
  2. To apply the route to the instance, restart the EC2Config service (on Windows Server 2012R2 and earlier), or run the following command from an elevated PowerShell session (on Windows Server 2016 or later):
Import-Module c:\ProgramData\Amazon\EC2-Windows\Launch\Module\Ec2Launch.psm1 ; Add-Routes

Leave a comment

Your email address will not be published. Required fields are marked *