diff --git a/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform.go b/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform.go
index 2dfbb15e9ebd1..7641c387debdd 100644
--- a/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform.go
+++ b/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform.go
@@ -111,6 +111,8 @@ type terraformLaunchTemplateTagSpecification struct {
 }
 
 type terraformLaunchTemplateInstanceMetadata struct {
+	// HTTPEndpoint determines whether the ec2 metadata service is available or not.
+	HTTPEndpoint *string `json:"http_endpoint,omitempty" cty:"http_endpoint"`
 	// HTTPPutResponseHopLimit is the desired HTTP PUT response hop limit for instance metadata requests.
 	HTTPPutResponseHopLimit *int64 `json:"http_put_response_hop_limit,omitempty" cty:"http_put_response_hop_limit"`
 	// HTTPTokens is the state of token usage for your instance metadata requests.
@@ -187,6 +189,8 @@ func (t *LaunchTemplate) RenderTerraform(target *terraform.TerraformTarget, a, e
 		MetadataOptions: &terraformLaunchTemplateInstanceMetadata{
 			HTTPTokens:              e.HTTPTokens,
 			HTTPPutResponseHopLimit: e.HTTPPutResponseHopLimit,
+			// see issue https://github.com/hashicorp/terraform-provider-aws/issues/12564.
+			HTTPEndpoint: fi.String("enabled"),
 		},
 		NetworkInterfaces: []*terraformLaunchTemplateNetworkInterface{
 			{
diff --git a/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform_test.go b/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform_test.go
index d07cae382f1d2..05abf8511d791 100644
--- a/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform_test.go
+++ b/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform_test.go
@@ -75,6 +75,7 @@ resource "aws_launch_template" "test" {
     create_before_destroy = true
   }
   metadata_options {
+    http_endpoint               = "enabled"
     http_put_response_hop_limit = 1
     http_tokens                 = "optional"
   }
@@ -160,6 +161,7 @@ resource "aws_launch_template" "test" {
     create_before_destroy = true
   }
   metadata_options {
+    http_endpoint               = "enabled"
     http_put_response_hop_limit = 5
     http_tokens                 = "required"
   }