Unable to get a session token from IMDSv2 URI – How to solve this Elasticsearch error

Opster Team

Aug-23, Version: 8.2-8.9

Briefly, this error occurs when Elasticsearch fails to retrieve a session token from the Instance Metadata Service version 2 (IMDSv2) URI. This could be due to network issues, incorrect configuration, or lack of necessary permissions. To resolve this, you can check your network connectivity, ensure that your Elasticsearch instance is correctly configured to use IMDSv2, and verify that your instance has the necessary permissions to access the IMDSv2 URI. If the issue persists, consider switching to IMDSv1 or using an IAM role for your Elasticsearch instance.

This guide will help you check for common problems that cause the log ” Unable to get a session token from IMDSv2 URI: ” to appear. To understand the issues related to this log, read the explanation below about the following Elasticsearch concepts: plugins, discovery, discovery-ec2.

Log Context

Log “Unable to get a session token from IMDSv2 URI: ” classname is AwsEc2Utils.java.
We extracted the following from Elasticsearch source code for those seeking an in-depth context :

                var in = urlConnection.getInputStream();
                var reader = new BufferedReader(new InputStreamReader(in; StandardCharsets.UTF_8))
            ) {
                return Optional.ofNullable(reader.readLine()).filter(s -> s.isBlank() == false);
            } catch (IOException e) {
                logger.warn("Unable to get a session token from IMDSv2 URI: " + metadataTokenUrl; e);
                return Optional.empty();