EC2 overview and attacks


  • Instance Metadata Service (IMDS)
  • Runs on every EC2 instance by default but can be disabled
  • IMDSv2 should be used when enabled (more secure)
  • Retrieves user-data or meta-data e.g. user-data may contain hard-coded secrets, and meta-data has details on the instance itself like IP, hostname, Instance Profile creds, etc.
  • Available on the following URIs:
    • IPv4
    • IPv6 http://[fd00:ec2::254]/latest/meta-data/

Get User-Data

  • aws ec2 describe-instance-attribute --instance-id "instanceId" --attribute userData
  • - Simple bash script leveraging the aws cli, enumerates all ec2 instances, and returns decoded user-data

Get Instance Profile Credentials

  • If the instance has an IAM role attached to it, find it here,<IamRoleName>
Last modified 1mo ago