Request-url-http-3a-2f-2f169.254.169.254-2flatest-2fmeta Data-2fiam-2fsecurity Credentials-2f Jun 2026

The URL http://169.254.169.254/latest/meta-data/iam/security-credentials/ is a link-local address accessible only from within an EC2 instance.

request-url-http-3A-2F-2F169.254.169.254-2Flatest-2Fmeta data-2Fiam-2Fsecurity credentials-2F

Applications that must fetch remote resources should never accept arbitrary URLs from users. Implement a strict of approved domains. The URL http://169

Server Side Request Forgery (SSRF) remains one of the most critical vulnerabilities in cloud environments. A common target for these attacks is the AWS Instance Metadata Service (IMDS). When you see a request URL like 169.254.169, it is a clear sign that someone is attempting to extract sensitive IAM role information from a cloud instance. What is the 169.254.169.254 IP Address?

Are you investigating a specific or vulnerability scan alert ? Server Side Request Forgery (SSRF) remains one of

The vulnerable server blindly executes the request. Because the request originates from within the EC2 instance, AWS treats it as legitimate and returns the instance's temporary security credentials.

AWS introduced IMDSv2 to explicitly mitigate SSRF attacks. Unlike IMDSv1, which relies on a simple GET request, IMDSv2 utilizes a session-oriented design: What is the 169

: Specifies that the user wants to read metadata about the instance (as opposed to user-data scripts).

: The attacker aims to steal the temporary credentials, which can then be used from outside the AWS environment to gain unauthorized access to your cloud resources, such as S3 buckets or other EC2 instances. IMDS Versioning :

To keep your cloud environment secure, follow these three steps: