diff --git a/main.tf b/main.tf
index 493b16e4c..ac841c06e 100644
--- a/main.tf
+++ b/main.tf
@@ -226,6 +226,10 @@ resource "aws_launch_configuration" "gitlab_runner_instance" {
       iops                  = lookup(root_block_device.value, "iops", null)
     }
   }
+  metadata_options {
+    http_endpoint = var.runner_instance_metadata_options_http_endpoint
+    http_tokens   = var.runner_instance_metadata_options_http_tokens
+  }
 
   associate_public_ip_address = false == var.runners_use_private_address
 
diff --git a/variables.tf b/variables.tf
index df36d6f43..a3a416c13 100644
--- a/variables.tf
+++ b/variables.tf
@@ -65,6 +65,18 @@ variable "runner_instance_spot_price" {
   default     = null
 }
 
+variable "runner_instance_metadata_options_http_endpoint" {
+  description = "Enable the Gitlab runner agent instance metadata service. The allowed values are enabled, disabled."
+  type        = string
+  default     = "enabled"
+}
+
+variable "runner_instance_metadata_options_http_tokens" {
+  description = "Set if Gitlab runner agent instance metadata service session tokens are required. The allowed values are optional, required."
+  type        = string
+  default     = "optional"
+}
+
 variable "ssh_key_pair" {
   description = "Set this to use existing AWS key pair"
   type        = string