The average enterprise today utilises over 90 security tools. At the same time, 78% of organisations operate in multi-cloud environments, employing two or more providers such as AWS, Microsoft Azure, and Google Cloud Platform. These environments offer varied IAM configurations, creating inconsistencies that can be exploited.
IMDS is a crucial feature provided by AWS that allows EC2 instances to retrieve metadata about themselves. This metadata can include information such as:
Instance ID and type
Security group configurations
Public and private IP addresses
IAM role credentials
User data scripts
IMDS operates over HTTP at a special endpoint (http://169.254.169.254), accessible only from within the instance. While this service is indispensable for automation, configuration, and dynamic management of cloud resources, its improper use or misconfiguration can expose sensitive information, leading to security risks.