diff --git a/docs/usage/self-hosted-configuration.md b/docs/usage/self-hosted-configuration.md
index b1f62011d9f533be5337fafa9152373fa503d77b..f57c95d91bbbea307a3bf13cf9da69e383f2c279 100644
--- a/docs/usage/self-hosted-configuration.md
+++ b/docs/usage/self-hosted-configuration.md
@@ -913,6 +913,12 @@ This is currently applicable to `npm` only, and only used in cases where bugs in
 If enabled emoji shortcodes are replaced with their Unicode equivalents.
 For example: `:warning:` will be replaced with `âš ï¸`.
 
+## useCloudMetadataServices
+
+Some cloud providers offer services to receive metadata about the current instance, for example [AWS Instance metadata](https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ec2-instance-metadata.html)
+or [GCP VM metadata](https://cloud.google.com/compute/docs/metadata/overview).
+Use this option to control whether Renovate should try to access these services.
+
 ## username
 
 You may need to set a `username` if you:
diff --git a/lib/config/options/index.ts b/lib/config/options/index.ts
index 1ec3b48136ddb8b4f00a9ee65bb2024ea44c1139..ed4df4a41519dd6eb487b3769e5d31a1de496e19 100644
--- a/lib/config/options/index.ts
+++ b/lib/config/options/index.ts
@@ -21,6 +21,14 @@ const options: RenovateOptions[] = [
     default: false,
     globalOnly: true,
   },
+  {
+    name: 'useCloudMetadataServices',
+    description:
+      'If `false`, Renovate does not try to access cloud metadata services.',
+    type: 'boolean',
+    default: true,
+    globalOnly: true,
+  },
   {
     name: 'allowPostUpgradeCommandTemplating',
     description:
diff --git a/lib/config/types.ts b/lib/config/types.ts
index b8f0cceb1c28e9c9554472f7fb2d925bbae2e72c..4ea506e975f0f87c427e988d81fffd33f3fdbffd 100644
--- a/lib/config/types.ts
+++ b/lib/config/types.ts
@@ -117,6 +117,7 @@ export interface GlobalOnlyConfig {
   repositories?: RenovateRepository[];
   platform?: PlatformId;
   endpoint?: string;
+  useCloudMetadataServices?: boolean;
 }
 
 // Config options used within the repository worker, but not user configurable
diff --git a/lib/workers/global/initialize.spec.ts b/lib/workers/global/initialize.spec.ts
index 94297b1c10d291ec46bc877b8a39207118f0cdf2..2402e0e93449c63dbf00c4bd0fe695d923a778fe 100644
--- a/lib/workers/global/initialize.spec.ts
+++ b/lib/workers/global/initialize.spec.ts
@@ -79,4 +79,27 @@ describe('workers/global/initialize', () => {
       await expect(globalInitialize(config)).toResolve();
     });
   });
+
+  describe('configureThirdPartyLibraries()', () => {
+    beforeEach(() => {
+      delete process.env.AWS_EC2_METADATA_DISABLED;
+      delete process.env.METADATA_SERVER_DETECTION;
+    });
+
+    it('sets env vars when cloud metadata services disabled', async () => {
+      const config: RenovateConfig = { useCloudMetadataServices: false };
+      git.validateGitVersion.mockResolvedValueOnce(true);
+      await expect(globalInitialize(config)).toResolve();
+      expect(process.env.AWS_EC2_METADATA_DISABLED).toBe('true');
+      expect(process.env.METADATA_SERVER_DETECTION).toBe('none');
+    });
+
+    it('does not set env vars when cloud metadata services enabled', async () => {
+      const config: RenovateConfig = { useCloudMetadataServices: true };
+      git.validateGitVersion.mockResolvedValueOnce(true);
+      await expect(globalInitialize(config)).toResolve();
+      expect(process.env.AWS_EC2_METADATA_DISABLED).toBeUndefined();
+      expect(process.env.METADATA_SERVER_DETECTION).toBeUndefined();
+    });
+  });
 });
diff --git a/lib/workers/global/initialize.ts b/lib/workers/global/initialize.ts
index 2773006bd1ca95cdab2faabc11df35b8992e9ca0..41af7f9a5af9d7136f6dc1124a2473973d742abe 100644
--- a/lib/workers/global/initialize.ts
+++ b/lib/workers/global/initialize.ts
@@ -64,6 +64,16 @@ function setGlobalHostRules(config: RenovateConfig): void {
   }
 }
 
+function configureThirdPartyLibraries(config: AllConfig): void {
+  // Not using early return style to make clear what's the criterion to set the variables,
+  // especially when there is more stuff added here in the future.
+  if (!config.useCloudMetadataServices) {
+    logger.debug('Disabling the use of cloud metadata services');
+    process.env.AWS_EC2_METADATA_DISABLED = 'true'; // See https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html#envvars-list
+    process.env.METADATA_SERVER_DETECTION = 'none'; // See https://cloud.google.com/nodejs/docs/reference/gcp-metadata/latest#environment-variables
+  }
+}
+
 export async function globalInitialize(
   config_: AllConfig,
 ): Promise<RenovateConfig> {
@@ -76,6 +86,7 @@ export async function globalInitialize(
   limitCommitsPerRun(config);
   setEmojiConfig(config);
   setGlobalHostRules(config);
+  configureThirdPartyLibraries(config);
   await initMergeConfidence();
   return config;
 }