Contact UsGet started
© 2025 Direct Cursus Technology L.L.C.

Configuring metadata service parameters for a function

Written by
Updated at March 7, 2025

You can configure metadata service parameters when creating a function version.

Available options:

  • awsV1HttpEndpoint: Provides access to metadata using the AWS format (IMDSv1). It can be either enabled or disabled. If set to disabled, the metadata request will fail with error 404 Not Found. The default value is enabled.

    Note

    The awsV1HttpEndpoint parameter is enabled by default, but we recommend disabling it. The IMDSv1 format comes with a number of security vulnerabilities. Its most severe flaw is the high risk of attacks, such as SSRF. For more information, see the AWS official blog.

  • gceHttpEndpoint: Provides access to metadata using the Google Compute Engine format. It can be either enabled or disabled. If set to disabled, the metadata request will fail with error 404 Not Found. The default value is enabled.

  1. In the management console, select the folder containing the function.
  2. Select Cloud Functions.
  3. Select a function.
  4. Navigate to the Editor tab.
  5. Expand the Additional settings section.
  6. Under Metadata service parameters, configure the parameters of the function metadata service: Access metadata using the Google Compute Engine format and Access metadata using the AWS format (IMDSv1).
  7. Click Save changes.

To configure metadata service parameters for a function, run this command:

yc serverless function version create \
  --function-id=<function_ID> \
  --runtime <runtime_environment> \
  --entrypoint <entry_point> \
  --source-version-id <version_ID> \
  --metadata-options <option>=<enabled_or_disabled>

Where:

  • --function-id: ID of the function a new version of which you want to create. To find out the function ID, get a list of functions in the folder.
  • --runtime: Runtime environment.
  • entrypoint: Entry point in <function_file_name>.<handler_name> format.
  • --source-version-id: ID of the function version from which you want to copy the code. To find out the ID, get a list of function versions.
  • --metadata-options: Settings for the metadata service parameters, e.g., aws-v1-http-endpoint=disabled.

With Terraform, you can quickly create a cloud infrastructure in Yandex Cloud and manage it using configuration files. These files store the infrastructure description written in HashiCorp Configuration Language (HCL). If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.

Terraform is distributed under the Business Source License. The Yandex Cloud provider for Terraform is distributed under the MPL-2.0 license.

For more information about the provider resources, see the documentation on the Terraform website or mirror website.

If you don't have Terraform, install it and configure the Yandex Cloud provider.

To configure metadata service parameters for a function:

  1. Open the Terraform configuration file and add the metadata_options section to the function description:

    resource "yandex_function" "metadata_function" {
  name               = "<function_name>"
  user_hash          = "<function_hash>"
  runtime            = "<runtime_environment>"
  entrypoint         = "<entry_point>"
  memory             = "<RAM_size>"
  execution_timeout  = "<execution_timeout>"
  service_account_id = "<service_account_ID>"
  content {
    zip_filename = "<path_to_ZIP_archive>"
  }

  metadata_options {
    metadata_options.0.gce_http_endpoint = "0_or_1_or_2"
    metadata_options.0.aws_v1_http_endpoint = "0_or_1_or_2"
  }
}

    Where:

    • metadata_options: Settings for the metadata service parameters, e.g., metadata_options.0.gce_http_endpoint = "1". Specify the following:
      • 0 if you want to keep the default value.
      • 1 to enable the parameter.
      • 2 to disable the parameter.

    For more information about the yandex_function resource parameters, see this Terraform article.

  2. Apply the changes:

    1. In the terminal, change to the folder where you edited the configuration file.

    2. Make sure the configuration file is correct using the command:

      terraform validate

      If the configuration is correct, the following message is returned:

      Success! The configuration is valid.

    3. Run the command:

      terraform plan

      The terminal will display a list of resources with parameters. No changes are made at this step. If the configuration contains errors, Terraform will point them out.

    4. Apply the configuration changes:

      terraform apply

    5. Confirm the changes: type yes in the terminal and press Enter.

You can check the function update and its new configuration using the management console or this CLI command:

yc serverless function version get <function_version_ID>

To create a function version, use the createVersion REST API method for the Function resource or the FunctionService/CreateVersion gRPC API call.

Previous
Getting the function version information
Next
Making a function public