AWS Instance Metadata Service: A Quick Refresher

  • Host: Instance ID, AMI, AMI Launch Index, etc.
  • Network: Public/Private IPs, Subnet, Security Groups, etc.
  • User-data: Custom bootstrap scripts which execute at instance start-up
  • So many more available here!

Querying the IMDS

Output via IMDSv1 Call
Retrieving Instance ID via IMDSv1
IMDS — Accessing Security Credentials

“…the temporary security credentials associated with the role”

Retrieving the Instance’s Security Credentials via IMDSv1

Something’s Clearly Wrong Here…

Say Hello to IMDSv2

Retrieving the Authentication Token via IMDSv2
Retrieving Instance ID via IMDSv2

Migrating to IMDSv2

Disabling IMDSv1

Disabling IMDSv1

Response Hop Limits

What Next?



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Syed Hasan

Syed Hasan

Hi, I’m Syed. Explore my articles as I embark on this journey of learning more about Forensics and Cloud! 🚀