diff --git a/SOURCES/40c52ce1f4049449b04f93226721f63af874c5c7.patch b/SOURCES/40c52ce1f4049449b04f93226721f63af874c5c7.patch
new file mode 100644
index 0000000..8399acf
--- /dev/null
+++ b/SOURCES/40c52ce1f4049449b04f93226721f63af874c5c7.patch
@@ -0,0 +1,146 @@
+From 40c52ce1f4049449b04f93226721f63af874c5c7 Mon Sep 17 00:00:00 2001
+From: Eduardo Dobay <edudobay@users.noreply.github.com>
+Date: Wed, 6 Apr 2022 01:28:01 -0300
+Subject: [PATCH] Support EC2 tags in instance metadata (#1309)
+
+Add support for newer EC2 metadata versions (up to 2021-03-23), so that
+tags can be retrieved from the `ds.meta_data.tags` field, as well as
+with any new fields that might have been added since the 2018-09-24
+version.
+---
+ cloudinit/sources/DataSourceEc2.py  |  5 +++--
+ doc/rtd/topics/datasources/ec2.rst  | 28 ++++++++++++++++++++++------
+ tests/unittests/sources/test_ec2.py | 26 +++++++++++++++++++++++++-
+ tools/.github-cla-signers           |  1 +
+ 4 files changed, 51 insertions(+), 9 deletions(-)
+
+diff --git a/cloudinit/sources/DataSourceEc2.py b/cloudinit/sources/DataSourceEc2.py
+index 03b3870c2e..a030b4987b 100644
+--- a/cloudinit/sources/DataSourceEc2.py
++++ b/cloudinit/sources/DataSourceEc2.py
+@@ -61,8 +61,9 @@ class DataSourceEc2(sources.DataSource):
+     min_metadata_version = "2009-04-04"
+ 
+     # Priority ordered list of additional metadata versions which will be tried
+-    # for extended metadata content. IPv6 support comes in 2016-09-02
+-    extended_metadata_versions = ["2018-09-24", "2016-09-02"]
++    # for extended metadata content. IPv6 support comes in 2016-09-02.
++    # Tags support comes in 2021-03-23.
++    extended_metadata_versions = ["2021-03-23", "2018-09-24", "2016-09-02"]
+ 
+     # Setup read_url parameters per get_url_params.
+     url_max_wait = 120
+diff --git a/doc/rtd/topics/datasources/ec2.rst b/doc/rtd/topics/datasources/ec2.rst
+index 94e4158d93..77232269b9 100644
+--- a/doc/rtd/topics/datasources/ec2.rst
++++ b/doc/rtd/topics/datasources/ec2.rst
+@@ -38,11 +38,26 @@ Userdata is accessible via the following URL:
+     GET http://169.254.169.254/2009-04-04/user-data
+     1234,fred,reboot,true | 4512,jimbo, | 173,,,
+ 
+-Note that there are multiple versions of this data provided, cloud-init
+-by default uses **2009-04-04** but newer versions can be supported with
+-relative ease (newer versions have more data exposed, while maintaining
+-backward compatibility with the previous versions).
+-Version **2016-09-02** is required for secondary IP address support.
++Note that there are multiple EC2 Metadata versions of this data provided
++to instances. cloud-init will attempt to use the most recent API version it
++supports in order to get latest API features and instance-data. If a given
++API version is not exposed to the instance, those API features will be
++unavailable to the instance.
++
++
+++----------------+----------------------------------------------------------+
+++ EC2 version    | supported instance-data/feature                          |
+++================+==========================================================+
+++ **2021-03-23** | Required for Instance tag support. This feature must be  |
++|                | enabled individually on each instance.  See the          |
++|                | `EC2 tags user guide`_.                                  |
+++----------------+----------------------------------------------------------+
++| **2016-09-02** | Required for secondary IP address support.               |
+++----------------+----------------------------------------------------------+
++| **2009-04-04** | Minimum supports EC2 API version for meta-data and       |
++|                | user-data.                                               |
+++----------------+----------------------------------------------------------+
++
+ 
+ To see which versions are supported from your cloud provider use the following
+ URL:
+@@ -71,7 +86,7 @@ configuration (in `/etc/cloud/cloud.cfg` or `/etc/cloud/cloud.cfg.d/`).
+ 
+ The settings that may be configured are:
+ 
+- * **metadata_urls**: This list of urls will be searched for an Ec2
++ * **metadata_urls**: This list of urls will be searched for an EC2
+    metadata service. The first entry that successfully returns a 200 response
+    for <url>/<version>/meta-data/instance-id will be selected.
+    (default: ['http://169.254.169.254', 'http://instance-data:8773']).
+@@ -121,4 +136,5 @@ Notes
+    For example: the primary NIC will have a DHCP route-metric of 100,
+    the next NIC will be 200.
+ 
++.. _EC2 tags user guide: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS
+ .. vi: textwidth=79
+diff --git a/tests/unittests/sources/test_ec2.py b/tests/unittests/sources/test_ec2.py
+index b376660d3e..7c8a5ea5ef 100644
+--- a/tests/unittests/sources/test_ec2.py
++++ b/tests/unittests/sources/test_ec2.py
+@@ -210,6 +210,17 @@
+ 
+ M_PATH_NET = "cloudinit.sources.DataSourceEc2.net."
+ 
++TAGS_METADATA_2021_03_23 = {
++    **DEFAULT_METADATA,
++    "tags": {
++        "instance": {
++            "Environment": "production",
++            "Application": "test",
++            "TagWithoutValue": "",
++        }
++    },
++}
++
+ 
+ def _register_ssh_keys(rfunc, base_url, keys_data):
+     """handle ssh key inconsistencies.
+@@ -670,7 +681,7 @@ def test_aws_token_redacted(self):
+         logs_with_redacted = [log for log in all_logs if REDACT_TOK in log]
+         logs_with_token = [log for log in all_logs if "API-TOKEN" in log]
+         self.assertEqual(1, len(logs_with_redacted_ttl))
+-        self.assertEqual(81, len(logs_with_redacted))
++        self.assertEqual(83, len(logs_with_redacted))
+         self.assertEqual(0, len(logs_with_token))
+ 
+     @mock.patch("cloudinit.net.dhcp.maybe_perform_dhcp_discovery")
+@@ -811,6 +822,19 @@ def test_ec2_local_performs_dhcp_on_non_bsd(
+         )
+         self.assertIn("Crawl of metadata service took", self.logs.getvalue())
+ 
++    def test_get_instance_tags(self):
++        ds = self._setup_ds(
++            platform_data=self.valid_platform_data,
++            sys_cfg={"datasource": {"Ec2": {"strict_id": False}}},
++            md={"md": TAGS_METADATA_2021_03_23},
++        )
++        self.assertTrue(ds.get_data())
++        self.assertIn("tags", ds.metadata)
++        self.assertIn("instance", ds.metadata["tags"])
++        instance_tags = ds.metadata["tags"]["instance"]
++        self.assertEqual(instance_tags["Application"], "test")
++        self.assertEqual(instance_tags["Environment"], "production")
++
+ 
+ class TestGetSecondaryAddresses(test_helpers.CiTestCase):
+ 
+diff --git a/tools/.github-cla-signers b/tools/.github-cla-signers
+index a8f2fd55e1..5f05dba907 100644
+--- a/tools/.github-cla-signers
++++ b/tools/.github-cla-signers
+@@ -28,6 +28,7 @@ dermotbradley
+ dhensby
+ eandersson
+ eb3095
++edudobay
+ emmanuelthome
+ eslerm
+ esposem
diff --git a/SPECS/cloud-init.spec b/SPECS/cloud-init.spec
index bc0729b..0148a2a 100644
--- a/SPECS/cloud-init.spec
+++ b/SPECS/cloud-init.spec
@@ -6,7 +6,7 @@
 
 Name:           cloud-init
 Version:        22.1
-Release:        1%{?dist}
+Release:        1.1%{?dist}
 Summary:        Cloud instance init scripts
 
 Group:          System Environment/Base
@@ -21,6 +21,8 @@ Patch0003: 0003-limit-permissions-on-def_log_file.patch
 Patch0004: 0004-include-NOZEROCONF-yes-in-etc-sysconfig-network.patch
 Patch0005: 0005-Remove-race-condition-between-cloud-init-and-Network.patch
 Patch0006: 0006-rhel-cloud.cfg-remove-ssh_genkeytypes-in-settings.py.patch
+# Add support for newer EC2 metadata versions (up to 2021-03-23)
+Patch0007: https://github.com/canonical/cloud-init/commit/40c52ce1f4049449b04f93226721f63af874c5c7.patch
 
 BuildArch:      noarch
 
@@ -217,6 +219,10 @@ fi
 %config(noreplace) %{_sysconfdir}/rsyslog.d/21-cloudinit.conf
 
 %changelog
+* Fri May 06 2022 Davide Cavalca <dcavalca@fb.com> - 22.1-1.1
+- Backport support for newer EC2 metadata versions (up to 2021-03-23)
+- Resolves: bz#2082686
+
 * Mon Apr 25 2022 Amy Chen <xiachen@redhat.com> - 22.1-1
 - Rebaes to 22.1 [bz#2065544]
 - Resolves: bz#2065544