diff --git a/terraform/aws/nat-server.tf b/terraform/aws/nat-server.tf
index 6f02bd3..0ac304e 100644
--- a/terraform/aws/nat-server.tf
+++ b/terraform/aws/nat-server.tf
@@ -1,18 +1,18 @@
 /* NAT/VPN server */
 resource "aws_instance" "nat" {
- ami = lookup(var.aws_amis, "0")
- instance_type = "t2.micro"
- subnet_id = aws_subnet.public.id
- security_groups = [aws_security_group.allow_all.id, aws_security_group.nat.id]
- key_name = aws_key_pair.deployer.key_name
+ ami = lookup(var.aws_amis, "0")
+ instance_type = "t2.micro"
+ subnet_id = aws_subnet.public.id
+ security_groups = [aws_security_group.allow_all.id, aws_security_group.nat.id]
+ key_name = aws_key_pair.deployer.key_name
 source_dest_check = false
 tags = {
 Name = "nat server"
 }
 connection {
- user = "ubuntu"
+ user = "ubuntu"
 private_key = "ssh/insecure-deployer"
- host = self.public_ip
+ host = self.public_ip
 }
 provisioner "remote-exec" {
 inline = [
@@ -27,4 +27,8 @@ resource "aws_instance" "nat" {
 "sudo docker run --volumes-from ovpn-data --rm gosuri/openvpn ovpn_genconfig -p ${var.vpc_cidr} -u udp://${aws_instance.nat.public_ip}"
 ]
 }
+ metadata_options {
+ http_endpoint = "disabled"
+ http_tokens = "required"
+ }
 }
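Review bot: The added `metadata_options` block sets two controls without saying which one is intended: with `http_endpoint = "disabled"` the metadata service is off entirely, so `http_tokens = "required"` only matters if someone later re-enables the endpoint. A comment above the block would record that, for example `# IMDS is disabled on the NAT host; if it is ever re-enabled keep http_tokens = "required" and set http_put_response_hop_limit = 1`. The hop limit is worth naming because the provisioner in this resource starts a Docker container on the host, and a limit of 1 keeps bridged containers from obtaining a metadata token. The resource body begins outside this hunk and part of it is not shown, so confirm that nothing configured there (an instance profile, an agent) depends on the metadata endpoint before applying.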