Request URL: http://169.254.169.254/latest/meta-data/iam/security-credentials/

If you append the specific IAM role name to the end of that URL (e.g., .../security-credentials/my-ec2-role), the service will return a JSON object containing:

* SecretAccessKey
* Token (session token)
* Expiration date

The attacker aims to steal these temporary credentials, which can then be used from outside the AWS environment to gain unauthorized access to your cloud resources, such as S3 buckets or other EC2 instances.

IMDS Versioning

Originally, IMDS operated as a simple, unauthenticated HTTP service (now called IMDSv1). Any process on the instance could fetch metadata with a plain GET request. This openness was the root cause of numerous security incidents. To mitigate SSRF risks, AWS introduced IMDSv2.

Transition to IMDSv2

Protecting your cloud infrastructure requires a defense-in-depth approach. The process works as follows: AWS now supports IMDS version 2, which requires a session-oriented request (a PUT request to get a token first). This effectively mitigates most SSRF attacks because attackers typically can only control the URL of a GET request.

Recommendations

* Validate and sanitize user-supplied URLs.
* Block requests to internal IP ranges like 169.254.169.254 (IMDS).
* Log a...
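The first two recommendations above, as an added Python check (not code from the original article) that an application can run before fetching a user-supplied URL. The hostnames, the injectable resolver and the helper names are assumptions made for this example.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Added example: refuse outbound fetches whose target resolves to an internal
# range such as the IMDS address 169.254.169.254. The resolver is injectable
# so the check can be exercised offline with constructed DNS answers.

ALLOWED_SCHEMES = {"http", "https"}


def _default_resolver(host):
    """Resolve a hostname to every address it maps to (A and AAAA records)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def _is_internal(ip):
    """True for loopback, link-local (169.254.0.0/16, i.e. IMDS), RFC 1918,
    unique-local (covers the IMDS IPv6 endpoint fd00:ec2::254) and the like."""
    if ip.version == 6 and ip.ipv4_mapped:       # ::ffff:169.254.169.254
        ip = ip.ipv4_mapped
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_unspecified or ip.is_reserved or ip.is_multicast)


def check_outbound_url(url, resolver=_default_resolver):
    """Return (allowed, reason); the reason is intended to be logged as-is."""
    try:
        parsed = urlparse(url)
        host = parsed.hostname  # drops userinfo, so http://x@169.254.169.254 is seen
    except ValueError as exc:
        return False, f"unparseable url: {exc}"
    if parsed.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parsed.scheme!r}"
    if not host:
        return False, "missing host"
    # Literal addresses never go through DNS; a bare decimal host such as
    # 2852039166 is the same address as 169.254.169.254 and is checked too.
    try:
        targets = {ipaddress.ip_address(int(host) if host.isdigit() else host)}
    except ValueError:
        try:
            targets = {ipaddress.ip_address(a) for a in resolver(host)}
        except (socket.gaierror, ValueError) as exc:
            return False, f"dns resolution failed for {host}: {exc}"
    for ip in targets:
        if _is_internal(ip):
            return False, f"{host} resolves to internal address {ip}"
    return True, f"{host} -> {', '.join(map(str, targets))}"
```

Resolving the hostname before the fetch and checking every returned address is what closes the gap between "the URL looks external" and "the connection actually goes external".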