Unable to connect to the AVE when deploying Avamar with Metadata v2 (IMDSv2) only in AWS
Summary: When Avamar is deployed with only the IMDSv2 option (and not with IMDSv1), connection to the Avamar server by SSH fails.
Symptoms
Cause
Resolution
1. Deploy the Avamar instance with both Metadata v1 and v2 enabled.
2. Launch the AWS CLI and run the following command, replacing <instance-id> with the instance ID of the newly deployed Avamar server.
aws ec2 describe-instances --instance-ids <instance-id>
3. Run the following command to set HttpTokens to required and convert the instance to IMDSv2. Again, replace <instance-id> with the instance ID of the Avamar server.
aws ec2 modify-instance-metadata-options --instance-id <instance-id> --http-tokens required --http-endpoint enabled --http-put-response-hop-limit 1
The following parameter can be adjusted, depending on specific needs:
http-put-response-hop-limit: "The desired HTTP PUT response hop limit for instance metadata requests."
4. Verify that the parameters have been accepted by repeating the command from step 2. Sample output:
5. Test the SSH connection and verify that IMDSv2 is now enabled. Run the following curl command to confirm:
curl http://169.254.169.254/latest/meta
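The check in step 4 can be scripted against the saved JSON output of the command from step 2. The following is an added example, not part of the original article and not Dell or AWS code; it reads the MetadataOptions block that describe-instances returns for each instance, and the sample record and instance IDs in it are constructed.

```python
import json
import sys
from pathlib import Path

# Values set by the modify-instance-metadata-options command in step 3.
EXPECTED = {"HttpTokens": "required", "HttpEndpoint": "enabled"}


def imds_findings(describe_output, hop_limit=1):
    """Return {instance_id: [problems]}; an empty list means IMDSv2 is enforced."""
    findings = {}
    for reservation in describe_output.get("Reservations", []):
        for instance in reservation.get("Instances", []):
            opts = instance.get("MetadataOptions", {})
            problems = [
                f"{key} is {opts.get(key)!r}, expected {want!r}"
                for key, want in EXPECTED.items()
                if opts.get(key) != want
            ]
            hops = opts.get("HttpPutResponseHopLimit")
            if hops != hop_limit:
                problems.append(f"HttpPutResponseHopLimit is {hops!r}, expected {hop_limit}")
            # A modification is reported as "pending" until it has taken effect.
            if opts.get("State") != "applied":
                problems.append(f"State is {opts.get('State')!r}, expected 'applied'")
            findings[instance.get("InstanceId", "<unknown>")] = problems
    return findings


def sample_instance(instance_id, tokens, hops, state="applied"):
    """Build one constructed instance record holding only the fields checked above."""
    return {"InstanceId": instance_id, "MetadataOptions": {
        "State": state, "HttpTokens": tokens,
        "HttpEndpoint": "enabled", "HttpPutResponseHopLimit": hops}}


# Constructed sample shaped like describe-instances output; the IDs are made up.
SAMPLE = {"Reservations": [{"Instances": [
    sample_instance("i-0000000000000000a", "required", 1),
    sample_instance("i-0000000000000000b", "optional", 2),
]}]}

if __name__ == "__main__":
    # Pass a file holding the saved JSON output, or no argument to use the sample.
    data = json.loads(Path(sys.argv[1]).read_text()) if len(sys.argv) > 1 else SAMPLE
    for instance_id, problems in imds_findings(data).items():
        print(instance_id, "OK" if not problems else "; ".join(problems))
```

If the hop limit was adjusted in step 3, pass the chosen value as hop_limit so that it is not reported as a mismatch.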
References:
https://aws.amazon.com/cli/
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html