Request URL: http://169.254.169.254/latest/meta-data/iam/security-credentials/
Because standard SSRF vulnerabilities usually restrict attackers to simple GET requests and prevent them from injecting custom HTTP headers (such as X-aws-ec2-metadata-token, which IMDSv2 requires on every metadata request), you should explicitly configure your EC2 launch templates and running instances to require IMDSv2 and disable IMDSv1 entirely.

2. Implement Input Validation and Whitelisting
In this case, the attack was observed and ultimately prevented because the targeted environment was using IMDSv2, which blocked the attacker's attempt to retrieve the credentials. However, in environments still using IMDSv1, this exploit would have resulted in a full compromise of the EC2 instance's IAM credentials. This incident demonstrates that attackers are continuously searching for and exploiting new SSRF vulnerabilities in common applications running on EC2.
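The recommendation above is to make IMDSv2 mandatory on every instance. The following is an added example, not code from the original article: a small audit that walks the structure returned by the EC2 DescribeInstances API (Reservations -> Instances -> MetadataOptions) and flags any instance whose metadata endpoint is enabled while HttpTokens is not "required", i.e. any instance a plain-GET SSRF could still use to read credentials. The sample response, instance IDs and the boto3-backed `audit_live_account` wrapper are assumptions for illustration; the MetadataOptions field names and the `aws ec2 modify-instance-metadata-options` flags are the real AWS ones.

```python
"""Audit EC2 instances for IMDSv1 exposure.

Added example (not code from the original article). It inspects the data
structure returned by the EC2 DescribeInstances API (Reservations ->
Instances -> MetadataOptions) and flags instances where IMDSv2 is not
enforced, i.e. HttpTokens != "required" while the metadata endpoint is
enabled. The sample response below is constructed; audit_live_account()
is an optional wrapper that uses boto3 only if it is installed.
"""
from typing import Dict, List

# Status values returned by classify_instance().
IMDSV1_ALLOWED = "IMDSV1_ALLOWED"        # tokens optional: a plain GET can read credentials
OK = "OK"                                # tokens required, hop limit 1
OK_HIGH_HOP_LIMIT = "OK_HIGH_HOP_LIMIT"  # tokens required, but token response may cross a hop
IMDS_DISABLED = "IMDS_DISABLED"          # endpoint disabled: nothing for SSRF to reach


def classify_instance(instance: Dict) -> str:
    """Map one Instance record's MetadataOptions to an audit status."""
    opts = instance.get("MetadataOptions", {})
    # Missing fields are treated as the historical defaults: endpoint enabled,
    # tokens optional (IMDSv1 allowed), hop limit 1.
    endpoint = opts.get("HttpEndpoint", "enabled")
    tokens = opts.get("HttpTokens", "optional")
    hop_limit = int(opts.get("HttpPutResponseHopLimit", 1))
    if endpoint == "disabled":
        return IMDS_DISABLED
    if tokens != "required":
        return IMDSV1_ALLOWED
    # IMDSv2 is enforced. A hop limit above 1 lets the PUT token response
    # travel one extra network hop (for example into a container's network
    # namespace), so flag it for review rather than treating it as a failure.
    return OK if hop_limit <= 1 else OK_HIGH_HOP_LIMIT


def audit_response(describe_instances_response: Dict) -> Dict[str, str]:
    """Return {InstanceId: status} for every instance in a DescribeInstances response."""
    result: Dict[str, str] = {}
    for reservation in describe_instances_response.get("Reservations", []):
        for instance in reservation.get("Instances", []):
            result[instance["InstanceId"]] = classify_instance(instance)
    return result


def remediation_commands(describe_instances_response: Dict) -> List[str]:
    """AWS CLI commands that enforce IMDSv2 on each instance still allowing IMDSv1."""
    return [
        f"aws ec2 modify-instance-metadata-options --instance-id {iid} "
        "--http-tokens required --http-endpoint enabled"
        for iid, status in audit_response(describe_instances_response).items()
        if status == IMDSV1_ALLOWED
    ]


def audit_live_account(region_name: str = "us-east-1") -> Dict[str, str]:
    """Run the audit against a real account (requires boto3 and AWS credentials)."""
    import boto3  # imported here so the pure functions above work without it
    ec2 = boto3.client("ec2", region_name=region_name)
    statuses: Dict[str, str] = {}
    for page in ec2.get_paginator("describe_instances").paginate():
        statuses.update(audit_response(page))
    return statuses


# Constructed sample response (instance IDs are made up) with one instance per status.
SAMPLE_RESPONSE = {
    "Reservations": [{"Instances": [
        {"InstanceId": "i-0aaa111", "MetadataOptions": {"HttpEndpoint": "enabled",
         "HttpTokens": "optional", "HttpPutResponseHopLimit": 1}},
        {"InstanceId": "i-0bbb222", "MetadataOptions": {"HttpEndpoint": "enabled",
         "HttpTokens": "required", "HttpPutResponseHopLimit": 1}},
        {"InstanceId": "i-0ccc333", "MetadataOptions": {"HttpEndpoint": "disabled",
         "HttpTokens": "optional", "HttpPutResponseHopLimit": 1}},
        {"InstanceId": "i-0ddd444", "MetadataOptions": {"HttpEndpoint": "enabled",
         "HttpTokens": "required", "HttpPutResponseHopLimit": 3}},
    ]}]
}

if __name__ == "__main__":
    for iid, status in audit_response(SAMPLE_RESPONSE).items():
        print(f"{iid}: {status}")
    for cmd in remediation_commands(SAMPLE_RESPONSE):
        print("fix:", cmd)
```

The same `--http-tokens required` setting belongs in the launch template's metadata options so that new instances never start with IMDSv1 enabled; the audit only catches instances that already exist.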