diff --git a/docs/usage/self-hosted-configuration.md b/docs/usage/self-hosted-configuration.md
index 56a07967d3010c..34fb432a12465f 100644
--- a/docs/usage/self-hosted-configuration.md
+++ b/docs/usage/self-hosted-configuration.md
@@ -904,6 +904,12 @@ This is currently applicable to `npm` only, and only used in cases where bugs in
 If enabled emoji shortcodes are replaced with their Unicode equivalents.
 For example: `:warning:` will be replaced with `⚠️`.
 
+## useCloudMetadataServices
+
+Some cloud providers offer services to receive metadata about the current instance, for example [AWS Instance metadata](https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ec2-instance-metadata.html)
+or [GCP VM metadata](https://cloud.google.com/compute/docs/metadata/overview).
+Use this option to control whether Renovate should try to access these services.
+
 ## username
 
 You may need to set a `username` if you:
diff --git a/lib/config/options/index.ts b/lib/config/options/index.ts
index 06319babafae1f..340066f9b2f029 100644
--- a/lib/config/options/index.ts
+++ b/lib/config/options/index.ts
@@ -21,6 +21,14 @@ const options: RenovateOptions[] = [
     default: false,
     globalOnly: true,
   },
+  {
+    name: 'useCloudMetadataServices',
+    description:
+      'If `false`, Renovate does not try to access cloud metadata services.',
+    type: 'boolean',
+    default: true,
+    globalOnly: true,
+  },
   {
     name: 'allowPostUpgradeCommandTemplating',
     description:
diff --git a/lib/config/types.ts b/lib/config/types.ts
index 777f27b3aa0a00..0e49d058a030bf 100644
--- a/lib/config/types.ts
+++ b/lib/config/types.ts
@@ -116,6 +116,7 @@ export interface GlobalOnlyConfig {
   repositories?: RenovateRepository[];
   platform?: PlatformId;
   endpoint?: string;
+  useCloudMetadataServices?: boolean;
 }
 
 // Config options used within the repository worker, but not user configurable
diff --git a/lib/workers/global/initialize.spec.ts b/lib/workers/global/initialize.spec.ts
index 94297b1c10d291..2402e0e93449c6 100644
--- a/lib/workers/global/initialize.spec.ts
+++ b/lib/workers/global/initialize.spec.ts
@@ -79,4 +79,27 @@ describe('workers/global/initialize', () => {
       await expect(globalInitialize(config)).toResolve();
     });
   });
+
+  describe('configureThirdPartyLibraries()', () => {
+    beforeEach(() => {
+      delete process.env.AWS_EC2_METADATA_DISABLED;
+      delete process.env.METADATA_SERVER_DETECTION;
+    });
+
+    it('sets env vars when cloud metadata services disabled', async () => {
+      const config: RenovateConfig = { useCloudMetadataServices: false };
+      git.validateGitVersion.mockResolvedValueOnce(true);
+      await expect(globalInitialize(config)).toResolve();
+      expect(process.env.AWS_EC2_METADATA_DISABLED).toBe('true');
+      expect(process.env.METADATA_SERVER_DETECTION).toBe('none');
+    });
+
+    it('does not set env vars when cloud metadata services enabled', async () => {
+      const config: RenovateConfig = { useCloudMetadataServices: true };
+      git.validateGitVersion.mockResolvedValueOnce(true);
+      await expect(globalInitialize(config)).toResolve();
+      expect(process.env.AWS_EC2_METADATA_DISABLED).toBeUndefined();
+      expect(process.env.METADATA_SERVER_DETECTION).toBeUndefined();
+    });
+  });
 });