diff --git a/integration/helpers.go b/integration/helpers.go
index c42e2dab36e80..55993df1c81be 100644
--- a/integration/helpers.go
+++ b/integration/helpers.go
@@ -670,7 +670,7 @@ func (i *TeleInstance) CreateEx(t *testing.T, trustedSecrets []*InstanceSecrets,
 		return trace.Wrap(err)
 	}
 	i.Config = tconf
-	i.Process, err = service.NewTeleport(tconf)
+	i.Process, err = service.NewTeleport(tconf, service.WithIMDSClient(&disabledIMDSClient{}))
 	if err != nil {
 		return trace.Wrap(err)
 	}
@@ -765,7 +765,7 @@ func (i *TeleInstance) startNode(tconf *service.Config, authPort string) (*servi
 
 	// Create a new Teleport process and add it to the list of nodes that
 	// compose this "cluster".
-	process, err := service.NewTeleport(tconf)
+	process, err := service.NewTeleport(tconf, service.WithIMDSClient(&disabledIMDSClient{}))
 	if err != nil {
 		return nil, trace.Wrap(err)
 	}
@@ -809,7 +809,7 @@ func (i *TeleInstance) StartApp(conf *service.Config) (*service.TeleportProcess,
 
 	// Create a new Teleport process and add it to the list of nodes that
 	// compose this "cluster".
-	process, err := service.NewTeleport(conf)
+	process, err := service.NewTeleport(conf, service.WithIMDSClient(&disabledIMDSClient{}))
 	if err != nil {
 		return nil, trace.Wrap(err)
 	}
@@ -861,7 +861,7 @@ func (i *TeleInstance) StartApps(configs []*service.Config) ([]*service.Teleport
 
 			// Create a new Teleport process and add it to the list of nodes that
 			// compose this "cluster".
-			process, err := service.NewTeleport(cfg)
+			process, err := service.NewTeleport(cfg, service.WithIMDSClient(&disabledIMDSClient{}))
 			if err != nil {
 				results <- result{err: err, tmpDir: dataDir}
 			}
@@ -927,7 +927,7 @@ func (i *TeleInstance) StartDatabase(conf *service.Config) (*service.TeleportPro
 
 	// Create a new Teleport process and add it to the list of nodes that
 	// compose this "cluster".
-	process, err := service.NewTeleport(conf)
+	process, err := service.NewTeleport(conf, service.WithIMDSClient(&disabledIMDSClient{}))
 	if err != nil {
 		return nil, nil, trace.Wrap(err)
 	}
@@ -1013,7 +1013,7 @@ func (i *TeleInstance) StartNodeAndProxy(name string, sshPort, proxyWebPort, pro
 
 	// Create a new Teleport process and add it to the list of nodes that
 	// compose this "cluster".
-	process, err := service.NewTeleport(tconf)
+	process, err := service.NewTeleport(tconf, service.WithIMDSClient(&disabledIMDSClient{}))
 	if err != nil {
 		return trace.Wrap(err)
 	}
@@ -1100,7 +1100,7 @@ func (i *TeleInstance) StartProxy(cfg ProxyConfig) (reversetunnel.Server, error)
 
 	// Create a new Teleport process and add it to the list of nodes that
 	// compose this "cluster".
-	process, err := service.NewTeleport(tconf)
+	process, err := service.NewTeleport(tconf, service.WithIMDSClient(&disabledIMDSClient{}))
 	if err != nil {
 		return nil, trace.Wrap(err)
 	}
@@ -1149,7 +1149,7 @@ func (i *TeleInstance) Reset() (err error) {
 			return trace.Wrap(err)
 		}
 	}
-	i.Process, err = service.NewTeleport(i.Config)
+	i.Process, err = service.NewTeleport(i.Config, service.WithIMDSClient(&disabledIMDSClient{}))
 	if err != nil {
 		return trace.Wrap(err)
 	}
@@ -1881,3 +1881,19 @@ func getLocalIP() (string, error) {
 	}
 	return "", trace.NotFound("No non-loopback local IP address found")
 }
+
+// disabledIMDSClient is an EC2 instance metadata client that is always disabled. This is faster
+// than the default client when not testing instance metadata behavior.
+type disabledIMDSClient struct{}
+
+func (d *disabledIMDSClient) IsAvailable(ctx context.Context) bool {
+	return false
+}
+
+func (d *disabledIMDSClient) GetTagKeys(ctx context.Context) ([]string, error) {
+	return nil, nil
+}
+
+func (d *disabledIMDSClient) GetTagValue(ctx context.Context, key string) (string, error) {
+	return "", nil
+}
diff --git a/integration/integration_test.go b/integration/integration_test.go
index 2c6e84c028d75..a14dfa80cbf18 100644
--- a/integration/integration_test.go
+++ b/integration/integration_test.go
@@ -3710,7 +3710,7 @@ func testRotateSuccess(t *testing.T, suite *integrationTestSuite) {
 	runErrCh := make(chan error, 1)
 	go func() {
 		runErrCh <- service.Run(ctx, *config, func(cfg *service.Config) (service.Process, error) {
-			svc, err := service.NewTeleport(cfg)
+			svc, err := service.NewTeleport(cfg, service.WithIMDSClient(&disabledIMDSClient{}))
 			if err == nil {
 				serviceC <- svc
 			}
@@ -3874,7 +3874,7 @@ func testRotateRollback(t *testing.T, s *integrationTestSuite) {
 	runErrCh := make(chan error, 1)
 	go func() {
 		runErrCh <- service.Run(ctx, *config, func(cfg *service.Config) (service.Process, error) {
-			svc, err := service.NewTeleport(cfg)
+			svc, err := service.NewTeleport(cfg, service.WithIMDSClient(&disabledIMDSClient{}))
 			if err == nil {
 				serviceC <- svc
 			}
@@ -4018,7 +4018,7 @@ func testRotateTrustedClusters(t *testing.T, suite *integrationTestSuite) {
 	runErrCh := make(chan error, 1)
 	go func() {
 		runErrCh <- service.Run(ctx, *config, func(cfg *service.Config) (service.Process, error) {
-			svc, err := service.NewTeleport(cfg)
+			svc, err := service.NewTeleport(cfg, service.WithIMDSClient(&disabledIMDSClient{}))
 			if err == nil {
 				serviceC <- svc
 			}
@@ -4258,7 +4258,7 @@ func testRotateChangeSigningAlg(t *testing.T, suite *integrationTestSuite) {
 		ctx, cancel := context.WithCancel(context.Background())
 		go func() {
 			runErrCh <- service.Run(ctx, *config, func(cfg *service.Config) (service.Process, error) {
-				svc, err := service.NewTeleport(cfg)
+				svc, err := service.NewTeleport(cfg, service.WithIMDSClient(&disabledIMDSClient{}))
 				if err == nil {
 					serviceC <- svc
 				}