diff --git a/auth_asg.tf b/auth_asg.tf
index d46e3e9..3da9d37 100644
--- a/auth_asg.tf
+++ b/auth_asg.tf
@@ -47,7 +47,7 @@ resource "aws_launch_configuration" "auth" {
   name_prefix   = "${substr(var.cluster_name, 0, 16)}-auth-"
   image_id      = var.ami_id
   instance_type = var.auth_instance_type
-  user_data = templatefile(
+  user_data     = templatefile(
     "${path.module}/auth-user-data.tpl",
     {
       region                   = data.aws_region.current.name
@@ -67,7 +67,8 @@ resource "aws_launch_configuration" "auth" {
     }
   )
   metadata_options {
-    http_tokens = "required"
+    http_endpoint = "enabled"
+    http_tokens   = "required"
   }
   root_block_device {
     encrypted = true
diff --git a/monitor_asg.tf b/monitor_asg.tf
index f115572..2cb8421 100644
--- a/monitor_asg.tf
+++ b/monitor_asg.tf
@@ -85,7 +85,7 @@ resource "aws_launch_configuration" "monitor" {
   name_prefix   = "${var.cluster_name}-monitor-"
   image_id      = var.ami_id
   instance_type = var.monitor_instance_type
-  user_data = templatefile(
+  user_data     = templatefile(
     "${path.module}/monitor-user-data.tpl",
     {
       region           = data.aws_region.current.name
@@ -99,7 +99,8 @@ resource "aws_launch_configuration" "monitor" {
     }
   )
   metadata_options {
-    http_tokens = "required"
+    http_endpoint = "enabled"
+    http_tokens   = "required"
   }
   root_block_device {
     encrypted = true
@@ -116,7 +117,7 @@ resource "aws_security_group" "monitor" {
   name        = "${var.cluster_name}-monitor"
   description = "SG for ${var.cluster_name}-monitor"
   vpc_id      = local.vpc_id
-  tags = {
+  tags        = {
     TeleportCluster = var.cluster_name
   }
 }
diff --git a/node_asg.tf b/node_asg.tf
index 05b86e0..d9ac5f8 100644
--- a/node_asg.tf
+++ b/node_asg.tf
@@ -41,7 +41,7 @@ resource "aws_launch_configuration" "node" {
   name_prefix   = "${var.cluster_name}-node-"
   image_id      = var.ami_id
   instance_type = var.node_instance_type
-  user_data = templatefile(
+  user_data     = templatefile(
     "${path.module}/node-user-data.tpl",
     {
       region           = data.aws_region.current.name
@@ -53,7 +53,8 @@ resource "aws_launch_configuration" "node" {
     }
   )
   metadata_options {
-    http_tokens = "required"
+    http_endpoint = "enabled"
+    http_tokens   = "required"
   }
   root_block_device {
     encrypted = true
diff --git a/proxy_asg.tf b/proxy_asg.tf
index 1e9628f..f954c7e 100644
--- a/proxy_asg.tf
+++ b/proxy_asg.tf
@@ -100,7 +100,7 @@ resource "aws_launch_configuration" "proxy" {
   name_prefix   = "${substr(var.cluster_name, 0, 16)}-proxy-"
   image_id      = var.ami_id
   instance_type = var.proxy_instance_type
-  user_data = templatefile(
+  user_data     = templatefile(
     "${path.module}/proxy-user-data.tpl",
     {
       region                 = data.aws_region.current.name
@@ -117,7 +117,8 @@ resource "aws_launch_configuration" "proxy" {
     }
   )
   metadata_options {
-    http_tokens = "required"
+    http_endpoint = "enabled"
+    http_tokens   = "required"
   }
   root_block_device {
     encrypted = true