Request-url-http-3a-2f-2f169.254.169.254-2flatest-2fmeta Data-2fiam-2fsecurity Credentials-2f

The requested URL is a critical endpoint within the used by EC2 instances to retrieve temporary security credentials. The presence of this specific string—often seen in logs or security alerts—frequently indicates an attempt to exploit a Server-Side Request Forgery (SSRF) vulnerability. What is this Endpoint?

The application can then use these credentials to call AWS APIs (e.g., read from S3, write to DynamoDB, launch new instances). The requested URL is a critical endpoint within