
Last time I helped administer a deployment on one of these clouds, one of the first things we did on the startup script for the instances was to install an iptables rule so that only uid 0 (root) could talk to the metadata servers. The need for that kind of firewall rule on every instance shows that these metadata servers are a bad design.

It would be much better if, instead of the network, these metadata servers were only visible as a PCIe or MMIO device. Of course, that would require a driver to be written, so at least initially, unmodified distributions would not be able to be used (but after a few years, every Linux and BSD distribution, and perhaps even Windows, would have that driver by default). That way, it would (on Linux) appear as files on /sys, readable only by root, without requiring any local firewall.
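The instance-startup firewall rule the parent comment describes, written out as an added example (this is not code from the HN post, nor from any cloud provider's documentation). It assumes the metadata service is reached at the link-local address 169.254.169.254 (the address AWS, GCP and Azure use; the post does not name it) and, where the provider offers one, at an IPv6 address that you set in METADATA_V6 (the AWS value is used only as a placeholder default). The iptables `owner` match exists only in the OUTPUT chain, which is what makes a uid-based rule possible at all.

```shell
#!/bin/sh
# Added example: restrict the cloud metadata service to uid 0 with the
# iptables "owner" match. Not code from the HN post or any provider.
#
# Assumptions (not stated in the post): the IPv4 metadata address is
# 169.254.169.254; METADATA_V6 is a placeholder you set for your cloud.
set -u

METADATA_V4="${METADATA_V4:-169.254.169.254}"
METADATA_V6="${METADATA_V6:-fd00:ec2::254}"
ALLOWED_UID="${ALLOWED_UID:-0}"

# Emit the rules as text first so they can be reviewed (or tested) without
# touching the live ruleset. Both rules are inserted at the top of OUTPUT,
# ACCEPT at position 1 and REJECT at position 2, so an earlier blanket
# ACCEPT elsewhere in the chain cannot shadow the REJECT. The owner match
# only sees locally generated packets, which is all OUTPUT carries.
metadata_rules() {
  cat <<EOF
iptables -I OUTPUT 1 -d $METADATA_V4 -m owner --uid-owner $ALLOWED_UID -j ACCEPT
iptables -I OUTPUT 2 -d $METADATA_V4 -j REJECT
ip6tables -I OUTPUT 1 -d $METADATA_V6 -m owner --uid-owner $ALLOWED_UID -j ACCEPT
ip6tables -I OUTPUT 2 -d $METADATA_V6 -j REJECT
EOF
}

# Apply the emitted rules; ip6tables rules are skipped on hosts without it.
apply_metadata_rules() {
  metadata_rules | while IFS= read -r rule; do
    case "$rule" in
      ip6tables*) command -v ip6tables >/dev/null 2>&1 || continue ;;
    esac
    # Intentional word splitting: each line is one complete command.
    # shellcheck disable=SC2086
    $rule || return 1
  done
}

# Idempotency / health check: true when the IPv4 REJECT rule is present.
metadata_rules_present() {
  iptables -C OUTPUT -d "$METADATA_V4" -j REJECT >/dev/null 2>&1
}

case "${1:-}" in
  apply) metadata_rules_present || apply_metadata_rules ;;
  *)     metadata_rules ;;   # default: print what would be applied
esac
```

After `./metadata-fw.sh apply`, `sudo -u nobody curl -s --max-time 2 http://169.254.169.254/` should fail with a connection error while the same request as root still succeeds. Two caveats a practitioner should keep in mind: the owner match only covers processes in the host's network namespace, so a container with its own namespace (the Docker default) sends through FORWARD and needs a separate rule there, where no uid information is available; and anything already running as root, including an SSRF in a root-run service, is still allowed through. Both limits are part of why the parent comment treats the rule as a workaround rather than a fix.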



There are ways for (virtual) firmware to expose data directly into sysfs, e.g. DMI and WMI. There are probably nicer ones, too. A virtio-9p instance exposing metadata would do the trick, too. Or a trusted emulated network interface.


Is there a list of these mitigations somewhere?


vsock might be a good solution


I don't think vsock supports any form of access control.



