Tech with Tyler

LinkedIn GitHub YouTube

👋Welcome!
- whoami
- !!! Disclaimer !!!
🎓Academy
☁️Cloud Security
📦Containers & Orchestration
- Kubernetes
👨‍💻Coding & CLI Tooling
⚙️DevSecOps
🎁Miscellaneous
- Jenkins
💻Operating Systems
- Linux
🏗️Projects
📌Other
- Useful Resources

Powered by GitBook

On this page

IMDS
Get User-Data
Get Instance Profile Credentials

Was this helpful?

Cloud Security

AWS General Info

EC2

EC2 overview and attacks

PreviousAmazon Bedrock NextKMS

Last updated 1 year ago

Was this helpful?

IMDS

Instance Metadata Service (IMDS)
Runs on every EC2 instance by default but
should be used when enabled (more secure)
Retrieves e.g. user-data may contain hard-coded secrets, and meta-data has details on the instance itself like IP, hostname, Instance Profile creds, etc.
Available on the following URIs:
- IPv4 http://169.254.169.254/latest/meta-data/
- IPv6 http://[fd00:ec2::254]/latest/meta-data/

Get User-Data

aws ec2 describe-instance-attribute --instance-id "instanceId" --attribute userData
- Simple bash script leveraging the aws cli, enumerates all ec2 instances, and returns decoded user-data

Get Instance Profile Credentials

If the instance has an IAM role attached to it, find it here, http://169.254.169.254/latest/meta-data/iam/security-credentials/<IamRoleName>
Similarly, another path exists meta-data/identity-credentials/ec2/security-credentials/ec2-instance⁠ but this is used for AWS Services like SSM or EC2 Instance Connect. These are not valid credentials that can be used in API calls.

☁️

can be disabled

user-data or meta-data

EC2userDataDumper.sh