Callback URL: http://169.254.169.254/latest/meta-data/iam/security-credentials/ May 2026

The URL you provided, http://169.254.169, is the specific endpoint for the AWS Instance Metadata Service (IMDS). It is used by applications running on EC2 instances to retrieve temporary IAM security credentials.

IAM Security Credentials: Appending this path allows a user (or an attacker) to see the name of the IAM role attached to the instance.

  • An attempt to exfiltrate IAM credentials via a misconfigured webhook/callback feature.
  • Or a proof-of-concept exploit for SSRF vulnerabilities.

Use of Credentials: Applications running on the EC2 instance can then use these temporary credentials to make secure requests to AWS services.

AWS now strongly recommends disabling IMDSv1 entirely and enforcing IMDSv2 on all EC2 instances.

/latest: This indicates that the instance should return the latest version of the metadata available.

  • If the app’s backend makes the request without proper filtering, the response will leak the instance’s IAM role names and, with a second request, the actual credentials.
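
The "proper filtering" mentioned above, sketched as an added example that is not part of the original page: a check the backend runs on a user-supplied callback URL before fetching it, refusing any destination that is not a public address (which covers the link-local IMDS address). The function names, the hostnames and the constructed resolver table are assumptions made for this illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit


def system_resolve(host):
    """Default resolver: every address the name maps to (needs DNS)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def check_callback_url(url, resolve=system_resolve):
    """Return (allowed, reason, addresses) for a user-supplied callback URL."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed", []
    host = parts.hostname
    if not host:
        return False, "missing host", []
    try:
        addrs = [ipaddress.ip_address(host)]  # literal IP in the URL
    except ValueError:
        try:
            # A hostname is judged by what it resolves to, not by its text.
            addrs = [ipaddress.ip_address(a) for a in resolve(host)]
        except (OSError, ValueError):
            return False, "host did not resolve", []
    if not addrs:
        return False, "host did not resolve", []
    for addr in addrs:
        # Unwrap ::ffff:a.b.c.d so the IPv4 rules apply to mapped addresses.
        addr = getattr(addr, "ipv4_mapped", None) or addr
        # is_global is False for link-local (169.254.0.0/16, where IMDS
        # lives), loopback and private ranges.
        if not addr.is_global:
            return False, f"{addr} is not a public address", []
    # Connect to one of these vetted addresses; do not resolve the name again.
    return True, "ok", [str(a) for a in addrs]


if __name__ == "__main__":
    # Constructed resolver table so the demo runs offline.
    table = {"hooks.example.test": ["93.184.216.34"],
             "meta.example.test": ["169.254.169.254"]}
    for u in ("http://169.254.169.254/latest/meta-data/iam/security-credentials/",
              "http://meta.example.test/cb",
              "https://hooks.example.test/cb"):
        print(u, "->", check_callback_url(u, table.__getitem__))
```

The fetch that follows should also refuse HTTP redirects or run each redirect target through the same check. Enforcing IMDSv2 on the instance remains the second layer if a request slips through.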