diff --git a/README.md b/README.md
index 791bb3b..dac3676 100644
--- a/README.md
+++ b/README.md
@@ -27,7 +27,10 @@ Only SSH access is allowed to the bastion host.
 * `allowed_cidr` - A list of CIDR Networks to allow ssh access to. Defaults to "0.0.0.0/0"
 * `allowed_ipv6_cidr` - A list of IPv6 CIDR Networks to allow ssh access to. Defaults to "::/0"
 * `allowed_security_groups` - A list of Security Group ID's to allow access to the bastion host (useful if bastion is deployed internally) Defaults to empty list
- * `extra_tags` - Optional a list of Key/Values Tags to be associated to the bastion host (see [Interpolated Tags](https://www.terraform.io/docs/providers/aws/r/autoscaling_group.html))
+ * `extra_tags` - Optional a list of Key/Values Tags to be associated to the bastion host (see [Interpolated Tags](https://www.terraform.io/docs/providers/aws/r/autoscaling_group.html))
+ * enable_http_endpoint - Whether the metadata service is available.
+ * use_imds_v2 - Use (IMDSv2) Instance Metadata Service V2
+ * http_put_response_hop_limit - The desired HTTP PUT response hop limit for instance metadata requests. Can be an integer from 1 to 64.
 ## Outputs:
@@ -134,6 +137,9 @@ PS: In some cases you may consider adding flag `-A` to ssh command to enable for
 | subnet\_ids | A list of subnet ids | list | `[]` | no |
 | user\_data\_file | | string | `"user_data.sh"` | no |
 | vpc\_id | | string | n/a | yes |
+| enable_http_endpoint | Whether the metadata service is available | bool | `true` | no |
+| use_imds_v2 | Use (IMDSv2) Instance Metadata Service V2 | bool | `false` | no |
+| http_put_response_hop_limit | The desired HTTP PUT response hop limit for instance metadata requests. Can be an integer from 1 to 64. | number | `1` | no |
 ## Outputs
diff --git a/main.tf b/main.tf
index 31da4fd..6ef34db 100644
--- a/main.tf
+++ b/main.tf
@@ -65,6 +65,9 @@ data "template_file" "user_data" {
 // subnet_id = "${var.subnet_id}"
 // vpc_security_group_ids = ["${aws_security_group.bastion.id}"]
 // user_data = "${template_file.user_data.rendered}"
+// http_endpoint = var.enable_http_endpoint ? "enabled" : "disabled"
+// http_tokens = var.use_imds_v2 ? "required" : "optional"
+// http_put_response_hop_limit = var.http_put_response_hop_limit
 //
 // count = 1
 //
@@ -95,6 +98,13 @@ resource "aws_launch_configuration" "bastion" {
 associate_public_ip_address = var.associate_public_ip_address
 key_name = var.key_name
+ # Doc: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_configuration#metadata_options
+ metadata_options {
+ http_endpoint = var.enable_http_endpoint ? "enabled" : "disabled"
+ http_tokens = var.use_imds_v2 ? "required" : "optional"
+ http_put_response_hop_limit = var.http_put_response_hop_limit
+ }
+
 lifecycle {
 create_before_destroy = true
 }
diff --git a/variables.tf b/variables.tf
index 883b9a5..cf2f2b7 100644
--- a/variables.tf
+++ b/variables.tf
@@ -115,3 +115,20 @@ variable "apply_changes_immediately" {
 default = false
 }
+variable "enable_http_endpoint" {
+ description = "Whether the metadata service is available."
+ type = bool
+ default = true
+}
+
+variable "use_imds_v2" {
+ description = "Use (IMDSv2) Instance Metadata Service V2"
+ type = bool
+ default = false
+}
+
+variable "http_put_response_hop_limit" {
+ description = "The desired HTTP PUT response hop limit for instance metadata requests."
+ type = number
+ default = 1
+}
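Review bot: `http_tokens = var.use_imds_v2 ? "required" : "optional"` in the new `metadata_options` block of `aws_launch_configuration.bastion` leaves IMDSv1 reachable unless the caller opts in, and `use_imds_v2` as declared in the variables.tf hunk of this same diff defaults to `false`, so an unmodified deployment of an internet-facing SSH bastion still hands out instance-profile credentials to any local request that carries no session token. `false` presumably reproduces the pre-change AWS default for backward compatibility; if that is the reason, it belongs in the variable description and README, and a `default = true` (IMDSv2-only, the hardened setting) is worth considering for the next major release. Either way the trade-off should be visible at the point of use, e.g. `# "optional" keeps IMDSv1 enabled; set use_imds_v2 = true so the metadata service requires session tokens (IMDSv2)`. When `enable_http_endpoint` is `false` the other two attributes are still emitted, which is harmless but deserves a one-line comment so nobody reads them as active. The enclosing `resource "aws_launch_configuration" "bastion"` starts and ends outside the hunk.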
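Review bot: `variable "http_put_response_hop_limit"` accepts any `number`, although the README rows added in this diff state the permitted range is 1 to 64 and the description here drops that sentence, so an out-of-range or non-integer value is only rejected by the AWS API at apply time. If the module already requires Terraform 0.13 or later (not visible here), a `validation` block turns that into a plan-time error, and the description should carry the same range text as the README. In the same hunk `use_imds_v2`'s description merely restates its name; saying what `true` does, e.g. `description = "Require IMDSv2 session tokens for the instance metadata service (sets http_tokens = \"required\"); false leaves IMDSv1 enabled."`, would let readers judge the security default without opening main.tf.
```terraform
variable "http_put_response_hop_limit" {
  description = "The desired HTTP PUT response hop limit for instance metadata requests. Can be an integer from 1 to 64."
  # … unchanged: type and default …

  validation {
    condition     = var.http_put_response_hop_limit >= 1 && var.http_put_response_hop_limit <= 64 && floor(var.http_put_response_hop_limit) == var.http_put_response_hop_limit
    error_message = "http_put_response_hop_limit must be an integer from 1 to 64."
  }
}
```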