Now go ahead and audit your EC2 instances. Run this command to check if any of your instances still use IMDSv1:
http://169.254.169.254/latest/meta-data/iam/security-credentials/
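One way to do this audit, as an added example that is not code from the original page: it reads JSON in the shape returned by `aws ec2 describe-instances` and flags instances whose `MetadataOptions` still accept IMDSv1. The sample data, instance IDs, and function names are constructed for illustration.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-instances` JSON output.
# Instance IDs are made up for this example.
SAMPLE = json.loads("""
{"Reservations": [
  {"Instances": [
    {"InstanceId": "i-0000000000000000a",
     "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional",
                         "HttpPutResponseHopLimit": 1}},
    {"InstanceId": "i-0000000000000000b",
     "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required",
                         "HttpPutResponseHopLimit": 2}}]},
  {"Instances": [
    {"InstanceId": "i-0000000000000000c",
     "MetadataOptions": {"HttpEndpoint": "disabled", "HttpTokens": "optional"}},
    {"InstanceId": "i-0000000000000000d"}]}
]}
""")

def classify(instance):
    """Return the IMDS posture of one instance record."""
    opts = instance.get("MetadataOptions")
    if not opts:
        return "unknown"            # field missing: review by hand
    if opts.get("HttpEndpoint") == "disabled":
        return "imds-disabled"      # no metadata service reachable at all
    if opts.get("HttpTokens") == "required":
        return "imdsv2-only"        # session token enforced
    return "imdsv1-allowed"         # HttpTokens is "optional"

def audit(describe_output):
    """Walk every reservation and classify each instance."""
    findings = []
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            opts = inst.get("MetadataOptions") or {}
            findings.append({"instance_id": inst.get("InstanceId"),
                             "status": classify(inst),
                             "hop_limit": opts.get("HttpPutResponseHopLimit")})
    return findings

def needs_remediation(findings):
    """Instances that accept IMDSv1 or could not be classified."""
    return [f["instance_id"] for f in findings
            if f["status"] in ("imdsv1-allowed", "unknown")]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

To run it against a real account, replace `SAMPLE` with the parsed output of `aws ec2 describe-instances` for each region you use.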
Be cautious: over-broad rules may block legitimate calls to external APIs that happen to have “metadata” in their domain.
Understanding this endpoint, why it is targeted, and how to block it is essential for every cloud professional. By adopting IMDSv2, hardening your network, and validating all external requests, you can ensure that 169.254.169.254 remains a harmless internal service rather than a backdoor to your kingdom.
What generated this log (e.g., WAF, reverse proxy, custom application)?
import requests

# token must already hold the IMDSv2 session token sent in the header below
creds = requests.get(
    "http://169.254.169.254/latest/meta-data/iam/security-credentials/role",
    headers={"X-aws-ec2-metadata-token": token},
).json()