AWS Gateway API Controller - EC2 Metadata Access Issue (vpcId is not specified: EC2MetadataError: failed to make EC2Metadata request) #794

@egachi

Hello,

I wanted to highlight an important configuration requirement when deploying the AWS Gateway API Controller on EKS.

Issue: When installing the gateway API controller, users may encounter the following error:

kubectl logs gateway-api-controller-aws-gateway-controller-chart-66877dtxxqn -n aws-application-networking-system
{
    "level": "fatal",
    "ts": "2025-08-24T00:57:37.700Z",
    "logger": "setup",
    "caller": "runtime/proc.go:272",
    "msg": "init config failed: vpcId is not specified: EC2MetadataError: failed to make EC2Metadata request\n\n\tstatus code: 401, request id: "
}

Root Cause: This error occurs because EKS Managed Node Groups are configured with IMDSv2 (Instance Metadata Service Version 2) and have a default HTTP PUT response hop limit of 1, which restricts pod access to the EC2 metadata service.

Solution: To resolve this, the HTTP PUT response hop limit needs to be increased to 2 on the EKS nodes. This adjustment allows pods running in Kubernetes to access the EC2 metadata service while maintaining security boundaries.

Configuration:

aws ec2 modify-instance-metadata-options \
    --instance-id <instance-id> \
    --http-put-response-hop-limit 2 \
    --http-endpoint enabled

Or create a Launch Template to increase this limit.

I recommend including this information in the official documentation to help users avoid and troubleshoot this common deployment issue.
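
An added example (not part of the original issue or of the controller project): shell functions that list a cluster's running nodes with their IMDS options, pick out those whose hop limit is below 2, and apply the issue's command to each. The cluster-name argument, the `eks:cluster-name` tag filter and the `DRY_RUN` switch are assumptions of this example; by default the fix is only printed.

```shell
# Added example: audit and raise the IMDS hop limit on EKS worker nodes.
# Assumption: nodes carry the eks:cluster-name tag that EKS managed
# node groups apply to their instances.

# Print "instance-id  hop-limit  http-tokens" for each running node.
list_node_imds_options() {
    aws ec2 describe-instances \
        --filters "Name=tag:eks:cluster-name,Values=$1" \
                  "Name=instance-state-name,Values=running" \
        --query 'Reservations[].Instances[].[InstanceId,MetadataOptions.HttpPutResponseHopLimit,MetadataOptions.HttpTokens]' \
        --output text
}

# Print the IDs of nodes whose hop limit is below 2. Rows whose hop
# limit is not a number (for example "None") are skipped, not guessed at.
nodes_needing_fix() {
    list_node_imds_options "$1" |
        awk '$2 ~ /^[0-9]+$/ && $2 < 2 { print $1 }'
}

# Apply the command from the issue to every affected node.
# DRY_RUN defaults to 1 (print only); set DRY_RUN=0 to make the change.
fix_hop_limit() {
    local cluster="$1" id
    for id in $(nodes_needing_fix "$cluster"); do
        if [ "${DRY_RUN:-1}" = "1" ]; then
            echo "aws ec2 modify-instance-metadata-options --instance-id $id --http-put-response-hop-limit 2 --http-endpoint enabled"
        else
            aws ec2 modify-instance-metadata-options \
                --instance-id "$id" \
                --http-put-response-hop-limit 2 \
                --http-endpoint enabled
        fi
    done
}
```

Source the file and run `fix_hop_limit <cluster-name>` to review the commands before setting `DRY_RUN=0`. The per-instance change does not carry over to nodes the node group launches later; the Launch Template route mentioned in the issue covers those.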

Labels: documentation (Improvements or additions to documentation), good first issue (Good for newcomers)
