Callback-url http://169.254.169.254/latest/meta-data/iam/security-credentials/

Hackers look for a flaw called Server-Side Request Forgery (SSRF). A web app asks for a callback URL.

This specific path returns the name of the IAM role assigned to the instance. A follow-up request to .../security-credentials/[role-name] would return the AccessKeyId, SecretAccessKey, and Token.

The IP address 169.254.169.254 is a link-local address used by cloud service providers like AWS, Google Cloud Platform (GCP), and Microsoft Azure to host their Instance Metadata Service. This service is only accessible from within the virtual machine or container running on the cloud infrastructure. It provides configuration data, network settings, and, most importantly, temporary security credentials associated with the IAM role assigned to that specific cloud instance.
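
One way a web app can vet a user-supplied callback URL before fetching it, so that the metadata address described above is refused. This is an added example, not code from the original page; the function names, the `resolve` parameter and the sample hostnames and addresses are assumptions constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit


def _resolve(host):
    """Return every address the host maps to (IP literals need no DNS lookup)."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return [info[4][0] for info in infos]


def is_safe_callback(url, resolve=_resolve):
    """True only for http(s) URLs whose host resolves solely to public addresses."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    try:
        addresses = resolve(parts.hostname)
    except (OSError, UnicodeError):
        return False  # unresolvable host: refuse rather than guess
    if not addresses:
        return False
    for addr in addresses:
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
        if ip.version == 6 and ip.ipv4_mapped:
            ip = ip.ipv4_mapped  # ::ffff:169.254.169.254 is still the metadata IP
        # is_global is False for link-local (169.254.0.0/16), loopback and private ranges
        if not ip.is_global:
            return False
    return True


# Constructed sample data: hostnames and the public address are illustrative only.
SAMPLE_DNS = {
    "hooks.example.com": ["93.184.216.34"],
    "rebind.example.net": ["93.184.216.34", "169.254.169.254"],
}

if __name__ == "__main__":
    samples = [
        "http://169.254.169.254/latest/meta-data/iam/security-credentials/",
        "https://hooks.example.com/cb",
        "https://rebind.example.net/cb",
    ]
    lookup = lambda host: SAMPLE_DNS.get(host) or _resolve(host)
    for url in samples:
        print(is_safe_callback(url, resolve=lookup), url)
```

The check only holds if the HTTP client then connects to the address that was vetted and applies the same check to every redirect; otherwise a second DNS answer or a 302 response can still point the request at 169.254.169.254.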