Request-url-http-3a-2f-2f169.254.169.254-2flatest-2fmeta — Data-2fiam-2fsecurity Credentials-2f

The feature allows an EC2 instance to request temporary security credentials for the IAM role(s) associated with it. This enables the instance to use these credentials to make secure requests to AWS services without needing to hard-code or store long-term access keys.

http://169.254.169 provides temporary security credentials for AWS EC2 instances via the IAM role attached to the server. While useful for avoiding hardcoded credentials, this endpoint presents a significant Server-Side Request Forgery (SSRF) risk if not properly secured. To mitigate risks, it is crucial to adopt Instance Metadata Service Version 2 (IMDSv2), which requires a session token, and to follow the principle of least privilege for IAM roles. You can find more information about securing EC2 metadata on the AWS website. The feature allows an EC2 instance to request

Stealing IAM Credentials from the Instance Metadata Service * To determine if the EC2 instance has an IAM role associated with it, Hacking The Cloud Stealing IAM Credentials from the Instance Metadata Service