Getting Instance Metadata

The metadata for an instance includes its OCIDAn Oracle-assigned unique ID called an Oracle Cloud Identifier (OCID). This ID is included as part of the resource's information in both the Console and API., display name, compartmentA collection of related resources that can be accessed only by certain groups that have been given permission by an administrator in your organization., shape, region, availability domainOne or more isolated, fault-tolerant Oracle data centers that host cloud resources such as instances, volumes, and subnets. A region contains several availability domains., creation date, state, image, and any custom metadata that you provide, such as an SSH public key.

You can find some of this information in the Console on the Compute page, or you can get all of it by logging in to the instance and using the metadata service. The service runs on every instance and is an HTTP endpoint listening on

Required IAM Policy

No IAM policy is required if you're logged in to the instance and using Curl to get the metadata (see below).

For administrators: Users can also get instance metadata through the Compute API (e.g., with GetInstance). The policy in Let users launch instances covers that ability. If the specified group doesn't need to launch instances or attach volumes, you could simplify that policy to include only manage instance-family, and remove the statements involving volume-family and virtual-network-family.

If you're new to policies, see Getting Started with Policies and Common Policies. If you want to dig deeper into writing policies for instances, cloud networks, or other Core Services API resources, see Details for the Core Services.

Accessing Instance Metadata on Oracle-Provided Images

You can get instance metadata on Oracle-provided images by using curl on Linux instances or using an Internet browser for Windows instances.