Instance Metadata Service

AWS has a feature known as the instance metadata service.¹ This service runs on many, if not all, of the AWS services that exist. The instance metadata service provides information about the currently running service in a JSON document, information that matches the output of the AWS CLI. The instance metadata service exists to give tools running on a system the additional automation they need to execute automated jobs. The service is queryable over a link-local IP address, which is not equivalent to localhost but is reachable only from the local system. As a result, every instance queries the same identical IP address.

The instance metadata service can be queried over HTTP with any web client or web tool on the host. The instance metadata can even provide things like the AMI ID, IP address, and more.

Instance metadata even provides you with IAM information; one of the IAM components is the key material of the session. For instance, the metadata v1 query is http://169.254.169.254/latest/meta-data/iam/security-credentials/ .

  1. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#instance-metadata-security-credentials

curl http://169.254.169.254/latest/meta-data/iam/security-credentials/ # Lists the name of the IAM role attached to the instance
curl http://169.254.169.254/latest/meta-data/iam/security-credentials/<rolename> # May return the key material (AccessKeyId, SecretAccessKey, Token, Expiration)
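The two requests above are the IMDSv1 shape: a plain GET with no authentication. The following added example (not code from the page or from AWS) shows the same role and credential lookup done the IMDSv2 way, where a session token is first obtained with a PUT and then sent on every GET, and why that matters for defenders: on an instance configured with HttpTokens=required, the plain v1-style GET is refused with HTTP 401. The endpoint paths and header names are AWS's documented IMDS interface; the credential document, role name and token values are constructed, and the in-process fake IMDS is an assumption so the code runs offline.

```python
"""IMDSv2 credential lookup with a pluggable transport (added example, not from the page)."""
import json
import urllib.error
import urllib.request
from datetime import datetime, timezone

# Documented IMDS interface values; the address is the same link-local IP on every instance.
IMDS_BASE = "http://169.254.169.254"
TOKEN_PATH = "/latest/api/token"                       # IMDSv2 session-token endpoint
CREDS_PATH = "/latest/meta-data/iam/security-credentials/"
TOKEN_TTL_HEADER = "X-aws-ec2-metadata-token-ttl-seconds"
TOKEN_HEADER = "X-aws-ec2-metadata-token"

# Constructed credential document: field names match what IMDS returns, values are fake.
SAMPLE_ROLE = "ExampleWebRole"
SAMPLE_CREDS = {
    "Code": "Success",
    "LastUpdated": "2024-01-01T00:00:00Z",
    "Type": "AWS-HMAC",
    "AccessKeyId": "ASIACONSTRUCTEDEXAMPLE",
    "SecretAccessKey": "constructed-secret-not-a-real-key",
    "Token": "constructed-session-token-value",
    "Expiration": "2030-01-01T00:00:00Z",
}


def urllib_transport(method, url, headers, timeout=2.0):
    """Transport for a real instance: (method, url, headers) -> (status, body)."""
    req = urllib.request.Request(url, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.getcode(), resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, ""


def make_fake_imds(require_token=True):
    """Constructed stand-in for IMDS so the example runs offline.

    require_token=True models an instance with HttpTokens=required (IMDSv2 only):
    any GET without a valid session token is refused with 401.
    """
    state = {"token": None}

    def transport(method, url, headers):
        path = url[len(IMDS_BASE):]
        if method == "PUT" and path == TOKEN_PATH:
            state["token"] = "constructed-imdsv2-token"
            return 200, state["token"]
        if require_token and (state["token"] is None
                              or headers.get(TOKEN_HEADER) != state["token"]):
            return 401, ""
        if path == CREDS_PATH:
            return 200, SAMPLE_ROLE + "\n"
        if path == CREDS_PATH + SAMPLE_ROLE:
            return 200, json.dumps(SAMPLE_CREDS)
        return 404, ""

    return transport


def v1_style_status(transport, path=CREDS_PATH):
    """HTTP status of a plain GET with no token, i.e. the IMDSv1 request shape."""
    status, _ = transport("GET", IMDS_BASE + path, {})
    return status


def fetch_role_credentials(transport, ttl_seconds=300):
    """IMDSv2 flow: PUT for a token, GET the role name, GET the credential document."""
    status, token = transport("PUT", IMDS_BASE + TOKEN_PATH,
                              {TOKEN_TTL_HEADER: str(ttl_seconds)})
    if status != 200:
        raise RuntimeError(f"IMDSv2 token request failed: HTTP {status}")
    auth = {TOKEN_HEADER: token}

    status, listing = transport("GET", IMDS_BASE + CREDS_PATH, auth)
    if status == 404 or not listing.strip():
        return None                                   # no instance profile attached
    if status != 200:
        raise RuntimeError(f"role listing failed: HTTP {status}")
    role = listing.strip().splitlines()[0]

    status, body = transport("GET", IMDS_BASE + CREDS_PATH + role, auth)
    if status != 200:
        raise RuntimeError(f"credential fetch failed: HTTP {status}")
    doc = json.loads(body)
    if doc.get("Code") != "Success":
        raise RuntimeError(f"credential document not ready: {doc.get('Code')}")

    expires = datetime.strptime(doc["Expiration"], "%Y-%m-%dT%H:%M:%SZ")
    expires = expires.replace(tzinfo=timezone.utc)
    return {
        "role": role,
        "access_key_id": doc["AccessKeyId"],
        "expires_at": expires,
        "expired": expires <= datetime.now(timezone.utc),
    }


if __name__ == "__main__":
    fake = make_fake_imds()
    print("v1-style GET on a token-required instance ->", v1_style_status(fake))
    creds = fetch_role_credentials(fake)
    print("role:", creds["role"], "key:", creds["access_key_id"][:4] + "...",
          "expires:", creds["expires_at"].isoformat())
```

On a real instance, pass `urllib_transport` instead of the fake. The defensive point is the 401: enforcing IMDSv2 with `aws ec2 modify-instance-metadata-options --instance-id <id> --http-tokens required` means the two plain GETs listed above no longer return the role or its key material, which removes the easiest path for a request-forgery bug in a web application on the host to read instance credentials.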
