Getting information about a VM
To get basic information about each VM you created, go to the management console.
You can also get basic information and metadata from inside a VM.
Getting information from outside a VM
On the Virtual machines page in the Compute Cloud service, you can find a list of VMs in the folder and brief information for each of them.
For more information about a certain VM, click the line with its name.
Tabs:
- Overview shows general information about the VM, including the IP addresses assigned to it.
- Disks provides information about the disks attached to the VM.
- File storages provides information about the file storage attached.
- Operations lists operations on the VM and resources attached to it, such as disks.
- Monitoring shows information about resource consumption on the VM. You can only get this information from the management console or from inside the VM.
- Serial console provides access to the serial console if enabled when creating the VM.
- Serial port provides information that the VM outputs to the serial port. To get this information via the API or CLI, use the Getting serial port's output guide.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.
- View the description of the command for getting serial port output:
  yc compute instance get --help
- Select a VM, e.g., first-instance:
  yc compute instance list
  Result:
  +----------------------+-----------------+---------------+---------+----------------------+
  | ID                   | NAME            | ZONE ID       | STATUS  | DESCRIPTION          |
  +----------------------+-----------------+---------------+---------+----------------------+
  | fhm0b28lgfp4******** | first-instance  | ru-central1-a | RUNNING | my first vm via CLI  |
  | fhm9gk85nj7g******** | second-instance | ru-central1-a | RUNNING | my second vm via CLI |
  +----------------------+-----------------+---------------+---------+----------------------+
- Get basic information about the VM:
  yc compute instance get first-instance
  To get VM information with metadata, use the --full flag:
  yc compute instance get --full first-instance
With Terraform
Terraform is distributed under the Business Source License
For more information about the provider resources, see the documentation on the Terraform
If you don't have Terraform, install it and configure the Yandex Cloud provider.
- In the Terraform configuration file, describe the parameters of the resources you want to create:
  data "yandex_compute_instance" "my_instance" {
    instance_id = "<VM_ID>"
  }

  output "instance_external_ip" {
    value = "${data.yandex_compute_instance.my_instance.network_interface.0.nat_ip_address}"
  }
  Where:
  - data "yandex_compute_instance": Description of the data source to get VM information from:
    - instance_id: VM ID.
  - output "instance_external_ip": Public IP address of the VM to return in the output:
    - value: Returned value.
  For more information about the yandex_compute_instance data source parameters, see the provider documentation.
- Create resources:
  - In the terminal, change to the folder where you edited the configuration file.
  - Make sure the configuration file is correct using the command:
    terraform validate
    If the configuration is correct, the following message is returned:
    Success! The configuration is valid.
  - Run the command:
    terraform plan
    The terminal will display a list of resources with parameters. No changes are made at this step. If the configuration contains errors, Terraform will point them out.
  - Apply the configuration changes:
    terraform apply
  - Confirm the changes: type yes in the terminal and press Enter.
  Terraform will create the required resources and display the output variable values in the terminal. To check the results, run:
  terraform output instance_external_ip
  Result:
  instance_external_ip = "158.160.50.228"
To get basic information about a VM, use the get REST API method for the Instance resource or the InstanceService/Get gRPC API call.
The basic information does not include the user-defined metadata provided when creating or updating the VM. To get the information along with the metadata, specify view=FULL in the parameters.
Getting information from inside a VM
From inside the VM, the metadata service is accessible at the IP address 169.254.169.254.
Currently, the Yandex Cloud metadata service returns metadata in Google Compute Engine and Amazon EC2 formats.
Google Compute Engine
The Yandex Cloud metadata service allows you to return metadata in Google Compute Engine format.
HTTP request
GET http://169.254.169.254/computeMetadata/v1/instance/
? alt=<json|text>
& recursive=<true|false>
& wait_for_change=<true|false>
& last_etag=<string>
& timeout_sec=<int>
Metadata-Flavor: Google
Where:
- alt: Response format (by default, text).
- recursive: If true, it returns all values in the tree recursively. The default value is false.
- wait_for_change: If true, this response will be returned only when one of the metadata parameters is modified. The default value is false.
- last_etag: The ETag value from the previous response to a similar request. Use if wait_for_change="true".
- timeout_sec: Maximum request timeout. Use if wait_for_change="true".
Request examples
Find out the ID of a VM from inside it:
curl \
--header Metadata-Flavor:Google \
169.254.169.254/computeMetadata/v1/instance/id
Get metadata in JSON format:
curl \
--header Metadata-Flavor:Google \
'169.254.169.254/computeMetadata/v1/instance/?recursive=true'
Get metadata in an easy-to-read format. Use the jq
curl \
--header Metadata-Flavor:Google \
'169.254.169.254/computeMetadata/v1/instance/?recursive=true' | \
jq -r '.'
Getting an identity document:
curl \
--header Metadata-Flavor:Google \
169.254.169.254/computeMetadata/v1/instance/vendor/identity/document
List of returned elements
List of elements available for this request:
- attributes/: User-defined metadata provided in the metadata field when creating or updating the VM.
- attributes/ssh-keys: List of public SSH keys provided in the metadata field through the ssh-keys value when creating the VM.
- description: Text description provided when creating or updating the VM.
- disks/: Disks attached to the VM.
- hostname: FQDN assigned to the VM.
- id: VM ID. The ID is generated automatically when the VM is being created and is unique within Yandex Cloud.
- name: Name provided when creating or updating the VM.
- networkInterfaces/: Network interfaces connected to the VM.
- service-accounts: Service accounts linked to the VM.
- service-accounts/default/token: Yandex Identity and Access Management token of the linked service account.
Other elements, such as project, are used for backward compatibility and remain empty.
Amazon EC2
The Yandex Cloud metadata service allows you to return metadata in Amazon EC2 format. This format has no support for user-defined metadata fields.
HTTP request
GET http://169.254.169.254/latest/meta-data/<element>
Where <element> is the path to the element you want to get. If the element is omitted, the response returns a list of available elements.
List of returned elements
List of elements that are available for this request.
Note
The angle brackets contain parameters to replace with values. For example, instead of <MAC_address>, you should specify the MAC address of the network interface.
- hostname: Host name assigned to VM.
- instance-id: VM ID.
- local-ipv4: Internal IPv4 address.
- local-hostname: Host name assigned to VM.
- mac: MAC address of VM network interface.
- network/interfaces/macs/<MAC_address>/ipv6s: Internal IPv6 addresses associated with the network interface.
- network/interfaces/macs/<MAC_address>/local-hostname: Host name associated with the network interface.
- network/interfaces/macs/<MAC_address>/local-ipv4s: Internal IPv4 addresses associated with the network interface.
- network/interfaces/macs/<MAC_address>/mac: MAC address of the VM network interface.
- public-ipv4: Public IPv4 address.
Request examples
Getting an internal IP address from inside a VM:
curl http://169.254.169.254/latest/meta-data/local-ipv4
Getting an identity document:
curl http://169.254.169.254/latest/vendor/instance-identity/document
Setting up metadata service parameters for a VM instance
You can configure metadata service parameters when creating or updating VMs.
Available options:
- aws-v1-http-endpoint: Provides access to metadata using AWS format (IMDSv1). Possible values: enabled, disabled. If set to disabled, the metadata request will fail with error 400 (BadRequest). The default value is enabled.
- aws-v1-http-token: Enables using the AWSv1 (IMDSv1) metadata to get a token of the service account connected to the VM. Possible values: enabled, disabled. If set to disabled, the token request will fail with error 400 (BadRequest). The default value is disabled.
  Note
  The IMDSv1 format has a number of security flaws; therefore, the aws-v1-http-token parameter is disabled by default. The most severe drawback of IMDSv1 is its high risk of certain attacks, e.g., SSRF. You can read more about it in the AWS official blog. To change the default behavior of this parameter, contact support.
  The most secure way to get a token in Yandex Cloud is to use Google Compute Engine format, which provides an extra header for protection against SSRF.
- gce-http-endpoint: Provides access to metadata using Google Compute Engine format. Possible values: enabled, disabled. If set to disabled, the metadata request will fail with error 400 (BadRequest). The default value is enabled.
- aws-v1-http-token: Enables using the Google Compute Engine metadata to get a token of the service account connected to the VM. Possible values: enabled, disabled. If the disabled value is set for the option, then the request to get a token will end with error 400 (BadRequest). The default value is enabled.
You can get the values of the metadata service parameters together with the VM information using the CLI and API.
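An added example (not part of the original documentation): a Python audit that reads instance descriptions and reports VMs whose metadata options leave the IMDSv1 paths described above enabled. It accepts both the enabled/disabled strings and the Terraform codes used on this page; the metadata_options field name and the JSON shape (as from yc compute instance get --full --format json) are assumptions, and the sample data is constructed.

```python
import json

# Defaults as stated on this page (True = enabled). Keys use the Terraform spelling.
DEFAULTS = {
    "gce_http_endpoint": True,
    "gce_http_token": True,
    "aws_v1_http_endpoint": True,
    "aws_v1_http_token": False,
}

def is_enabled(value, default):
    """Normalise enabled/disabled strings and Terraform codes (0, 1 = enabled; 2 = disabled)."""
    if value is None:
        return default
    if isinstance(value, int):
        if value not in (0, 1, 2):
            raise ValueError(f"unknown metadata option code: {value}")
        return value != 2
    text = str(value).strip().lower()
    if text not in ("enabled", "disabled"):
        raise ValueError(f"unknown metadata option value: {value!r}")
    return text == "enabled"

def audit(instances):
    """Return (vm_name, severity, finding) tuples for metadata settings worth reviewing."""
    findings = []
    for vm in instances:
        raw = vm.get("metadata_options") or {}  # assumed field name
        opts = {key: is_enabled(raw.get(key), default) for key, default in DEFAULTS.items()}
        name = vm.get("name") or vm.get("id", "<unknown>")
        if opts["aws_v1_http_token"]:
            findings.append((name, "high", "IAM token is served in IMDSv1 format, without the SSRF-protecting header"))
        if opts["aws_v1_http_endpoint"]:
            findings.append((name, "info", "IMDSv1 endpoint is enabled; disable it if nothing reads EC2-format metadata"))
    return findings

# Constructed sample: CLI-style strings, Terraform-style codes, and a VM with no explicit options.
SAMPLE = json.loads("""[
  {"name": "first-instance", "metadata_options": {"gce_http_endpoint": "ENABLED", "gce_http_token": "ENABLED",
                                                  "aws_v1_http_endpoint": "ENABLED", "aws_v1_http_token": "ENABLED"}},
  {"name": "second-instance", "metadata_options": {"gce_http_endpoint": 0, "gce_http_token": 0,
                                                   "aws_v1_http_endpoint": 2, "aws_v1_http_token": 2}},
  {"name": "third-instance"}
]""")

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```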
To set up metadata service parameters for a VM instance:
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.
- View a description of the CLI command for updating VM parameters:
  yc compute instance update --help
- Get a list of VMs in the default folder:
  yc compute instance list
- Select the ID or NAME of the VM you need.
- Set the metadata service settings using the --metadata-options parameter:
  yc compute instance update <VM_ID> \
    --metadata-options gce-http-endpoint=enabled
If you don't have Terraform, install it and configure the Yandex Cloud provider.
With Terraform
Terraform is distributed under the Business Source License
For more information about the provider resources, see the documentation on the Terraform
- Open the Terraform configuration file and change the metadata_options parameter in the VM description:
  ...
  resource "yandex_compute_instance" "test-vm" {
    ...
    metadata_options {
      aws_v1_http_endpoint = 2
      aws_v1_http_token    = 2
      gce_http_endpoint    = 0
      gce_http_token       = 0
    }
    ...
  }
  ...
  Where:
  - yandex_compute_instance: VM description.
    - metadata_options: Metadata parameters:
      - aws_v1_http_endpoint: Provides access to metadata using AWS format (IMDSv1). Possible values: 0, 1 for enabled and 2 for disabled.
      - aws_v1_http_token: Provides access to Identity and Access Management credentials using AWS format (IMDSv1). Possible values: 0, 1 for enabled and 2 for disabled.
      - gce_http_endpoint: Provides access to metadata using Google Compute Engine format. Possible values: 0, 1 for enabled and 2 for disabled.
      - gce_http_token: Provides access to Identity and Access Management credentials using Google Compute Engine format. Possible values: 0, 1 for enabled and 2 for disabled.
  For more information about the yandex_compute_instance resource parameters in Terraform, see the provider documentation.
- Create resources:
  - In the terminal, change to the folder where you edited the configuration file.
  - Make sure the configuration file is correct using the command:
    terraform validate
    If the configuration is correct, the following message is returned:
    Success! The configuration is valid.
  - Run the command:
    terraform plan
    The terminal will display a list of resources with parameters. No changes are made at this step. If the configuration contains errors, Terraform will point them out.
  - Apply the configuration changes:
    terraform apply
  - Confirm the changes: type yes in the terminal and press Enter.
  All the resources you need will then be created in the specified folder with the settings you defined. You can check the new resources and their settings using the management console or this CLI command:
  yc compute instance get <VM_name>
Use the update REST API method for the Instance resource or the InstanceService/Update gRPC API call.
Removing SSH keys from metadata
- In the management console, select the folder the VM belongs to.
- Select Compute Cloud.
- Click the VM name.
- In the top-right corner of the page, click Edit VM.
- Open the Metadata menu and remove the keys by clicking .
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.
- View a description of the CLI command to remove metadata:
  yc compute instance remove-metadata --help
- Remove the keys:
  yc compute instance remove-metadata <VM_ID> --keys <SSH_key_name>
To remove SSH keys from the VM metadata, use the updateMetadata REST API method for the Instance resource or the InstanceService/UpdateMetadata gRPC API call.
In your request, provide the delete parameter with the SSH key.
REST API request example
curl \
--request POST \
--header "Authorization: Bearer <IAM_token>" \
--data '{"delete":["<SSH_key_name>"]}' \
https://compute.api.cloud.yandex.net/compute/v1/instances/<VM_ID>/updateMetadata
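An added example (not from the original documentation): before removing keys, it helps to know which metadata keys actually hold SSH public keys. This Python script scans the attributes/ tree of a recursive JSON metadata response and reports SHA256 fingerprints in the style of ssh-keygen -l; the response shape, the user:key layout of ssh-keys, the user-data attribute and the sample keys are assumptions constructed for illustration.

```python
import base64
import hashlib
import re
import struct

# "<type> <base64 blob>" as it appears in authorized_keys-style text.
KEY_RE = re.compile(
    r"\b(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(?:256|384|521))\s+([A-Za-z0-9+/]+={0,2})")

def fingerprint(key_type, b64_blob):
    """Return the SHA256 fingerprint of a key blob, or None if it is not a key of key_type."""
    try:
        blob = base64.b64decode(b64_blob, validate=True)
    except ValueError:  # bad alphabet or padding: not a key blob
        return None
    if len(blob) < 4:
        return None
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode():
        return None  # a key blob starts with its own length-prefixed type name
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def find_ssh_keys(metadata):
    """Map each attributes/ key that carries public keys to [(type, fingerprint), ...]."""
    found = {}
    for name, value in (metadata.get("attributes") or {}).items():
        for key_type, blob in KEY_RE.findall(str(value)):
            fp = fingerprint(key_type, blob)
            if fp:
                found.setdefault(name, []).append((key_type, fp))
    return found

def demo_key(seed):
    """Constructed ed25519-shaped blob (32 repeated bytes); not a real key."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([seed]) * 32
    return "ssh-ed25519 " + base64.b64encode(blob).decode()

# Constructed sample in the assumed shape of a ?recursive=true JSON response.
SAMPLE = {"id": "<VM_ID>", "attributes": {
    "ssh-keys": f"admin:{demo_key(1)} admin@laptop\nci:{demo_key(2)} ci@runner",
    "user-data": f"#cloud-config\nusers:\n  - name: ops\n    ssh_authorized_keys:\n      - {demo_key(3)}",
}}

if __name__ == "__main__":
    for attr, keys in find_ssh_keys(SAMPLE).items():
        for key_type, fp in keys:
            print(attr, key_type, fp)
```

The attribute names it reports are the candidates to pass as <SSH_key_name> when removing metadata.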