Fetch-url-http-3a-2f-2f169.254.169.254-2flatest-2fmeta Data-2fiam-2fsecurity Credentials-2f Jun 2026

Whether you need the to force IMDSv2 across your infrastructure.

"Code" : "Success", "LastUpdated" : "2023-...", "Type" : "AWS-HMAC", "AccessKeyId" : "ASIA...", "SecretAccessKey" : "...", "Token" : "...", "Expiration" : "..." Whether you need the to force IMDSv2 across

: If the EC2 instance profile has overly permissive IAM roles, attackers can move laterally through your AWS infrastructure. "LastUpdated" : "2023-..."

Block requests containing link-local addresses ( 169.254.0.0/16 ) and loopback addresses ( 127.0.0.1 ). "Type" : "AWS-HMAC"

Understanding the AWS Metadata Security Risk: The Role of 169.254.169.254

creds = requests.get( f"http://169.254.169.254/latest/meta-data/iam/security-credentials/role", headers="X-aws-ec2-metadata-token": token ).json()