If an AWS EC2 instance (or other AWS service) is configured with an IAM role, and an attacker can access the metadata service at 169.254.169.254 from that instance, the attacker can use the credentials available there to progress their attack further. In this post I'll show the options defenders have against this problem.


