diff --git a/cloudinit/sources/DataSourceEc2.py b/cloudinit/sources/DataSourceEc2.py
index 10837df6a0e..fd61a2a3059 100644
--- a/cloudinit/sources/DataSourceEc2.py
+++ b/cloudinit/sources/DataSourceEc2.py
@@ -545,6 +545,9 @@ def crawl_metadata(self):
         """
         if not self.wait_for_metadata_service():
             return {}
+        ignore_items_meta_data = util.get_cfg_by_path(
+            self.sys_cfg, ("ignore_items_meta_data",), []
+        )
         api_version = self.get_metadata_api_version()
         redact = self.imdsv2_token_redact
         crawled_metadata = {}
@@ -573,6 +576,7 @@ def crawl_metadata(self):
                 headers_redact=redact,
                 exception_cb=exc_cb,
                 retrieval_exception_ignore_cb=skip_cb,
+                ignore_items=ignore_items_meta_data,
             )
             if self.cloud_name == CloudNames.AWS:
                 identity = ec2.get_instance_identity(
diff --git a/cloudinit/sources/helpers/ec2.py b/cloudinit/sources/helpers/ec2.py
index a3590a6e4b2..267b61ba9fe 100644
--- a/cloudinit/sources/helpers/ec2.py
+++ b/cloudinit/sources/helpers/ec2.py
@@ -52,7 +52,9 @@ def __call__(self, field, blob):
 # See: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/
 #         ec2-instance-metadata.html
 class MetadataMaterializer:
-    def __init__(self, blob, base_url, caller, leaf_decoder=None):
+    def __init__(
+        self, blob, base_url, caller, leaf_decoder=None, ignore_items=[]
+    ):
         self._blob = blob
         self._md = None
         self._base_url = base_url
@@ -61,6 +63,7 @@ def __init__(self, blob, base_url, caller, leaf_decoder=None):
             self._leaf_decoder = MetadataLeafDecoder()
         else:
             self._leaf_decoder = leaf_decoder
+        self._ignore_items = ignore_items
 
     def _parse(self, blob):
         leaves = {}
@@ -89,6 +92,9 @@ def get_name(item):
             # Don't materialize credentials
             if field_name == "security-credentials":
                 continue
+            # Don't materialize items in the ignore list
+            if field_name in self._ignore_items:
+                continue
             if has_children(field):
                 if field_name not in children:
                     children.append(field_name)
@@ -191,6 +197,7 @@ def _get_instance_metadata(
     headers_redact=None,
     exception_cb=None,
     retrieval_exception_ignore_cb=None,
+    ignore_items=[],
 ):
     md_url = url_helper.combine_url(metadata_address, api_version, tree)
     caller = functools.partial(
@@ -219,7 +226,11 @@ def mcaller(url):
     try:
         response = caller(md_url)
         materializer = MetadataMaterializer(
-            response.contents, md_url, mcaller, leaf_decoder=leaf_decoder
+            response.contents,
+            md_url,
+            mcaller,
+            leaf_decoder=leaf_decoder,
+            ignore_items=ignore_items,
         )
         md = materializer.materialize()
         if not isinstance(md, (dict)):
@@ -241,6 +252,7 @@ def get_instance_metadata(
     headers_redact=None,
     exception_cb=None,
     retrieval_exception_ignore_cb=None,
+    ignore_items=[],
 ):
     # Note, 'meta-data' explicitly has trailing /.
     # this is required for CloudStack (LP: #1356855)
@@ -256,6 +268,7 @@ def get_instance_metadata(
         headers_cb=headers_cb,
         exception_cb=exception_cb,
         retrieval_exception_ignore_cb=retrieval_exception_ignore_cb,
+        ignore_items=ignore_items,
     )