The most famous attack is the . A former AWS employee exploited an SSRF vulnerability to reach http://169.254.169.254/latest/meta-data/iam/security-credentials/... and retrieved an IAM role with excessive permissions, then exfiltrated 100+ million customer records.

The IP address 169.254.169.254 is a link-local address used by cloud providers, most notably AWS, to host the Instance Metadata Service (IMDS).

`-X PUT`: forces the HTTP PUT method, which defeats simple GET-only SSRF vulnerabilities.

Here is an for cloud security professionals:

- Show you how to extract (like IAM credentials)
- Explain the differences between IMDSv1 and IMDSv2
- Provide a Python script to automate this process
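As an added example (not code from the original page), the following Python audits EC2 metadata options in the shape of a boto3 `describe_instances` response and flags instances where `HttpTokens` is still `optional`, meaning IMDSv1 is served and a GET-based SSRF can reach the metadata endpoint; the sample reservations are constructed, not a real account.

```python
"""Audit EC2 metadata options for IMDSv1 exposure (added example)."""
from typing import Dict, List

# Constructed sample in the shape of ec2.describe_instances()["Reservations"].
SAMPLE_RESERVATIONS = [
    {"Instances": [
        {"InstanceId": "i-0example000000001",
         "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional"}},
        {"InstanceId": "i-0example000000002",
         "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required"}},
        {"InstanceId": "i-0example000000003",
         "MetadataOptions": {"HttpEndpoint": "disabled", "HttpTokens": "optional"}},
    ]}
]


def classify_instance(instance: Dict) -> str:
    """Return 'disabled', 'imdsv2-only' or 'imdsv1-allowed' for one instance.

    HttpTokens == 'optional' means IMDSv1 (a plain GET with no session token)
    is still answered at http://169.254.169.254/latest/meta-data/, so a
    GET-based SSRF can read it. 'required' means every request must carry a
    token that was first obtained with an HTTP PUT (IMDSv2).
    A missing MetadataOptions block is treated conservatively as v1-allowed.
    """
    opts = instance.get("MetadataOptions", {})
    if opts.get("HttpEndpoint") == "disabled":
        return "disabled"
    if opts.get("HttpTokens") == "required":
        return "imdsv2-only"
    return "imdsv1-allowed"


def find_imdsv1_instances(reservations: List[Dict]) -> List[str]:
    """Collect the InstanceIds where IMDSv1 is still reachable."""
    return [inst["InstanceId"]
            for reservation in reservations
            for inst in reservation.get("Instances", [])
            if classify_instance(inst) == "imdsv1-allowed"]


if __name__ == "__main__":
    for iid in find_imdsv1_instances(SAMPLE_RESERVATIONS):
        # Remediation: aws ec2 modify-instance-metadata-options \
        #   --instance-id <id> --http-tokens required
        print(f"{iid}: IMDSv1 allowed, set HttpTokens=required")
```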
