AWS IAM role credential exfiltration via EC2 Instance Metadata Service (IMDSv1)
Published Sun, Aug 4th, 2019
AWS offers a metadata service accessible to most EC2 Instances via a simple GET request to 169.254.169.254.
If an instance has an SSRF vulnerability, attackers can access the metadata service & exfiltrate the credentials
of an attached IAM role to gain privileged access to the relevant AWS environment.
Enforce the use of IMDSv2 on the instance. This will require use of a POST request to generate an access token,
which mitigates against most SSRF vulnerabilities