Oracle Cloud Infrastructure Documentation

Getting Instance Metadata

The metadata for an instance includes its An Oracle-assigned unique ID called an Oracle Cloud Identifier (OCID). This ID is included as part of the resource's information in both the Console and API., display name, A collection of related resources that can be accessed only by certain groups that have been given permission by an administrator in your organization., shape, region, One or more isolated, fault-tolerant Oracle data centers that host cloud resources such as instances, volumes, and subnets. A region contains one or more availability domains., creation date, state, image, and any custom metadata that you provide, such as an SSH public key.

You can find some of this information in the Console on the Compute page, or you can get all of it by logging in to the instance and using the metadata service. The service runs on every instance and is an HTTP endpoint listening on

Required IAM Policy

No IAM policy is required if you're logged in to the instance and using Curl to get the metadata (see below).

For administrators: Users can also get instance metadata through the Compute API (for example, with GetInstance). The policy in Let users launch Compute instances covers that ability. If the specified group doesn't need to launch instances or attach volumes, you could simplify that policy to include only manage instance-family, and remove the statements involving volume-family and virtual-network-family.

If you're new to policies, see Getting Started with Policies and Common Policies. If you want to dig deeper into writing policies for instances, cloud networks, or other Core Services API resources, see Details for the Core Services.

Accessing Instance Metadata on Oracle-Provided Images

You can get instance metadata on Oracle-provided images by using curl on Linux instances or using an Internet browser for Windows instances.

Using Curl to Get Linux Instance Metadata
Using an Internet Browser to Get Windows Instance Metadata