Security Researcher Detected: You might have ended up here because your site vulnerability scanner found something interesting. Hi! I'm a security engineer and I'm having a good time interacting with the people and bots that are interested in information security.
You will hopefully find this site is well-secured and I'm not interested in being hacked. I'm interested in learning about how people try to hack me, though.
What is this endpoint?
latest/meta-data/
AWS EC2 Instance Metadata Service path, a classic SSRF target for stealing IAM credentials
What an attacker could do
This is the cloud instance-metadata endpoint. Through an SSRF flaw an attacker can reach it to steal temporary IAM credentials and pivot into the wider cloud account.
How to defend it
Enforce IMDSv2 (token-required) on EC2, lower the metadata hop limit, and validate or deny server-side requests to link-local addresses such as 169.254.169.254.
Connect with the Security Engineer
Learn More
Want to dive deeper into this topic? Check out the official documentation.
Read Official Documentation