Contact UsGet started
© 2025 Direct Cursus Technology L.L.C.

Getting information about a VM

Written by
Improved by
Updated at February 12, 2025

To get basic information about each VM you created, go to the management console and open the VM page. To get detailed information with custom metadata, use the CLI or API.

You can also get basic information and metadata from within a VM.

Getting information from outside a VM

In Compute Cloud, the Virtual machines page gives a list of VMs in the folder and brief information on each of them.

For more information about a VM, click the row with its name.

Here is a description of the available tabs:

  • Overview shows general information about the VM, including the IP addresses assigned to it.
  • Disks gives information about the disks attached to the VM.
  • File storages provides information about the connected file storages.
  • Operations lists operations on the VM and its resources, such as disks.
  • Monitoring shows information about VM resource consumption. You can only get this info from the management console or from within the VM.
  • Serial console provides access to the serial console if enabled when creating the VM.
  • Serial port provides information that the VM outputs to the serial port. To get this information via the API or CLI, follow Getting the serial port output.

The folder specified in the CLI profile is used by default. You can specify a different folder through the --folder-name or --folder-id parameter.

  1. See the description of the command for getting the serial port output:

    yc compute instance get --help

  2. Select a VM, e.g., first-instance:

    yc compute instance list

    Result:

    +----------------------+-----------------+---------------+---------+----------------------+
|          ID          |       NAME      |    ZONE ID    | STATUS  |     DESCRIPTION      |
+----------------------+-----------------+---------------+---------+----------------------+
| fhm0b28lgfp4******** | first-instance  | ru-central1-a | RUNNING | my first vm via CLI  |
| fhm9gk85nj7g******** | second-instance | ru-central1-a | RUNNING | my second vm via CLI |
+----------------------+-----------------+---------------+---------+----------------------+

  3. Get basic information about the VM:

    yc compute instance get first-instance

    To get VM information with metadata, use the --full flag:

    yc compute instance get --full first-instance

With Terraform, you can quickly create a cloud infrastructure in Yandex Cloud and manage it using configuration files. These files store the infrastructure description written in HashiCorp Configuration Language (HCL). If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.

Terraform is distributed under the Business Source License. The Yandex Cloud provider for Terraform is distributed under the MPL-2.0 license.

For more information about the provider resources, see the documentation on the Terraform website or mirror website.

If you don't have Terraform, install it and configure the Yandex Cloud provider.

  1. In the Terraform configuration file, define the parameters of the resources you want to create:

    data "yandex_compute_instance" "my_instance" {
  instance_id = "<VM_ID>"
}

output "instance_external_ip" {
  value = "${data.yandex_compute_instance.my_instance.network_interface.0.nat_ip_address}"
}

    Where:

    • data "yandex_compute_instance": Description of the data source to get VM information from:
      • instance_id: VM ID.
    • output "instance_external_ip": Public IP address of the VM to return in the output:
      • value: Returned value.

    For more information about the yandex_compute_instance data source parameters, see the relevant provider documentation.

  2. Create the resources:

    1. In the terminal, change to the folder where you edited the configuration file.

    2. Make sure the configuration file is correct using the command:

      terraform validate

      If the configuration is correct, the following message is returned:

      Success! The configuration is valid.

    3. Run the command:

      terraform plan

      The terminal will display a list of resources with parameters. No changes are made at this step. If the configuration contains errors, Terraform will point them out.

    4. Apply the configuration changes:

      terraform apply

    5. Confirm the changes: type yes in the terminal and press Enter.

    Terraform will create all the required resources and display the output variable values in the terminal. To check the results, run this command:

    terraform output instance_external_ip

    Result:

    instance_external_ip = "158.160.50.228"

To get basic information about a VM, use the get REST API method for the Instance resource or the InstanceService/Get gRPC API call.

The basic information does not include any custom metadata provided when creating or updating the VM. To get the information along with the metadata, specify view=FULL in the parameters.

Getting information from within a VM

From inside the VM, the metadata service is accessible at the IP address 169.254.169.254.

Currently, the Yandex Cloud metadata service returns metadata in Google Compute Engine and Amazon EC2 formats.

Google Compute Engine

The Yandex Cloud metadata service allows you to return metadata in Google Compute Engine format.

HTTP request

GET http://169.254.169.254/computeMetadata/v1/instance/
  ? alt=<json|text>
  & recursive=<true|false>
  & wait_for_change=<true|false>
  & last_etag=<string>
  & timeout_sec=<int>
Metadata-Flavor: Google

Where:

  • alt: Response format. The default value is text.
  • recursive: If true, it returns all values in the tree recursively. The default value is false.
  • wait_for_change: If true, this response will be returned only when one of the metadata parameters is modified. The default value is false.
  • last_etag: ETag from the previous response to a similar request. Use if wait_for_change="true".
  • timeout_sec: Maximum request timeout. Use if wait_for_change="true".

Request examples

Get the ID of a VM from within it:

curl \
  --header Metadata-Flavor:Google \
  169.254.169.254/computeMetadata/v1/instance/id

Get metadata in JSON format:

curl \
  --header Metadata-Flavor:Google \
  169.254.169.254/computeMetadata/v1/instance/?recursive=true

Get metadata in an easy-to-read format by using jq:

curl \
  --header Metadata-Flavor:Google \
  169.254.169.254/computeMetadata/v1/instance/?recursive=true | \
  jq -r '.'

Get an identity document:

curl \
  --header Metadata-Flavor:Google \
  169.254.169.254/computeMetadata/v1/instance/vendor/identity/document

List of returned elements

List of elements available for this request:

  • attributes/: Custom metadata provided in the metadata field when creating or updating the VM.
  • attributes/ssh-keys: List of public SSH keys provided in the metadata field through the ssh-keys value when creating the VM.
  • description: Text description provided when creating or updating the VM.
  • disks/: Disks attached to the VM.
  • hostname: FQDN assigned to the VM.
  • id: VM ID. The ID is generated automatically when creating the VM and is unique within Yandex Cloud.
  • name: Name provided when creating or updating the VM.
  • networkInterfaces/: Network interfaces connected to the VM.
  • service-accounts: Service accounts linked to the VM.
  • service-accounts/default/token: Yandex Identity and Access Management token of the linked service account.

Other elements, such as project, are used for backward compatibility and remain empty.

Amazon EC2

The Yandex Cloud metadata service allows you to return metadata in Amazon EC2 format. This format has no support for custom metadata fields.

HTTP request

GET http://169.254.169.254/latest/meta-data/<element>

Where <element> is the path to the element you want to get. If the element is omitted, the response returns a list of available elements.

List of returned elements

List of elements available for this request.

Note

The angle brackets contain parameters to replace with values. For example, instead of <MAC_address>, you should specify the MAC address of the network interface.

  • hostname: Host name assigned to the VM.
  • instance-id: VM ID.
  • local-ipv4: Internal IPv4 address.
  • local-hostname: Host name assigned to the VM.
  • mac: MAC address of the VM network interface.
  • network/interfaces/macs/<MAC_address>/ipv6s: Internal IPv6 addresses associated with the network interface.
  • network/interfaces/macs/<MAC_address>/local-hostname: Host name associated with the network interface.
  • network/interfaces/macs/<MAC_address>/local-ipv4s: Internal IPv4 addresses associated with the network interface.
  • network/interfaces/macs/<MAC_address>/mac: MAC address of the VM network interface.
  • public-ipv4: Public IPv4 address.

Request examples

Get an internal IP address from within a VM:

curl http://169.254.169.254/latest/meta-data/local-ipv4

Get an identity document:

curl http://169.254.169.254/latest/vendor/instance-identity/document

Configuring VM metadata service parameters

You can configure metadata service parameters when creating or updating VMs.

Available options:

  • aws-v1-http-endpoint: Provides access to metadata using AWS format (IMDSv1). It can be either enabled or disabled. If set to disabled, the metadata request will fail with error 400 (BadRequest). The default value is enabled.

  • aws-v1-http-token: Enables using AWSv1 (IMDSv1) metadata to get the service account token for the VM. It can be either enabled or disabled. If set to disabled, the token request will fail with error 400 (BadRequest). The default value is disabled.

    Note

    The IMDSv1 format comes with a number of security vulnerabilities; therefore, aws-v1-http-token is set to disabled by default. The most severe flaw of IMDSv1 is its high risk of attacks, such as SSRF. You can read more about it in the AWS official blog. To change the default behavior of this parameter, contact support.

    The most secure way to get a token in Yandex Cloud is to use the Google Compute Engine format, which provides an extra header to protect against SSRF.

  • gce-http-endpoint: Provides access to metadata using the Google Compute Engine format. It can be either enabled or disabled. If set to disabled, the metadata request will fail with error 400 (BadRequest). The default value is enabled.

  • aws-v1-http-token: Enables using Google Compute Engine metadata to get the service account token for the VM. It can be either enabled or disabled. If set to disabled, the token request will fail with error 400 (BadRequest). The default value is enabled.

You can get the values of the metadata service parameters together with the VM information using the CLI and API.

To configure metadata service parameters for a VM:

If you do not have the Yandex Cloud CLI yet, install and initialize it.

The folder specified in the CLI profile is used by default. You can specify a different folder through the --folder-name or --folder-id parameter.

  1. See the description of the CLI command for updating VM parameters:

    yc compute instance update --help

  2. Get a list of VMs in the default folder:

    yc compute instance list

  3. Select ID or NAME of the VM you need.

  4. Define the metadata service settings using the --metadata-options parameter:

    yc compute instance update <VM_ID> \
  --metadata-options gce-http-endpoint=enabled

If you don't have Terraform, install it and configure the Yandex Cloud provider.

With Terraform, you can quickly create a cloud infrastructure in Yandex Cloud and manage it using configuration files. These files store the infrastructure description written in HashiCorp Configuration Language (HCL). If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.

Terraform is distributed under the Business Source License. The Yandex Cloud provider for Terraform is distributed under the MPL-2.0 license.

For more information about the provider resources, see the documentation on the Terraform website or mirror website.

  1. Open the Terraform configuration file and change the metadata_options parameter in the VM description:

    ...
resource "yandex_compute_instance" "test-vm" {
  ... 
  metadata_options {
    aws_v1_http_endpoint = 2
    aws_v1_http_token    = 2
    gce_http_endpoint    = 0
    gce_http_token       = 0
  }
  ...
}
...

    Where:

    • yandex_compute_instance: VM description.
      • metadata_options: Metadata parameters:
        • aws_v1_http_endpoint: Provides access to metadata using AWS format (IMDSv1). Possible values: 0, 1 for enabled and 2 for disabled.
        • aws_v1_http_token: Provides access to Identity and Access Management credentials using AWS format (IMDSv1). Possible values: 0, 1 for enabled and 2 for disabled.
        • gce_http_endpoint: Provides access to metadata using Google Compute Engine format. Possible values: 0, 1 for enabled and 2 for disabled.
        • gce_http_token: Provides access to Identity and Access Management credentials using Google Compute Engine format. Possible values: 0, 1 for enabled and 2 for disabled.

    For more information about the yandex_compute_instance resource parameters in Terraform, see the relevant provider documentation.

  2. Create the resources:

    1. In the terminal, change to the folder where you edited the configuration file.

    2. Make sure the configuration file is correct using the command:

      terraform validate

      If the configuration is correct, the following message is returned:

      Success! The configuration is valid.

    3. Run the command:

      terraform plan

      The terminal will display a list of resources with parameters. No changes are made at this step. If the configuration contains errors, Terraform will point them out.

    4. Apply the configuration changes:

      terraform apply

    5. Confirm the changes: type yes in the terminal and press Enter.

    All the resources you need will then be created in the specified folder with the settings you defined. You can check the new resources and their settings using the management console or this CLI command:

    yc compute instance get <VM_name>

Use the update REST API method for the Instance resource or the InstanceService/Update gRPC API call.

Removing SSH keys from metadata

  1. In the management console, select the folder the VM belongs to.
  2. Select Compute Cloud.
  3. Click the VM name.
  4. In the top-right corner of the page, click Edit VM.
  5. Open the Metadata menu and remove the keys by clicking .

If you do not have the Yandex Cloud CLI yet, install and initialize it.

The folder specified in the CLI profile is used by default. You can specify a different folder through the --folder-name or --folder-id parameter.

  1. See the description of the CLI command for removing metadata:

    yc compute instance remove-metadata --help

  2. Remove the keys:

    yc compute instance remove-metadata <VM_ID> --keys <SSH_key_name>

To remove SSH keys from the VM metadata, use the updateMetadata REST API method for the Instance resource or the InstanceService/UpdateMetadata gRPC API call.

In your request, provide the delete parameter with the SSH key.

REST API request example

curl \
  --request POST \
  --header "Authorization: Bearer <IAM_token>" \
  --data '{"delete":["<SSH_key_name>"]}' \
  https://compute.api.cloud.yandex.net/compute/v1/instances/<VM_ID>/updateMetadata
Previous
Getting information about a public image
Next
Getting the serial port output