SummitRoute/csp_security_mistakes

Modifiable IMDS route

RyanJarv opened this issue · 1 comment

Wanted to check if this makes sense to open a PR for. The issue was that AWS originally allowed 169.254.169.254 to be routed to other EC2 instances, allowing them to effectively act as the IMDS server for the VPC.

This allowed lateral movement across instances due to the fact that during boot cloud-init will run user data as root from this IP without verifying whether the server is trusted or not.

Reference: https://github.com/RyanJarv/EC2FakeImds

From my understanding this is not possible anymore for any account that hasn’t used this feature in the past. I don’t believe AWS made any public comment on this however.

This was actually possible for a short period of time after the IPv6 IMDS endpoint was deployed as well. This was non-default and has since been fixed however.
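A defender-side check for the condition described in this issue, added here as an example and not code from the csp_security_mistakes repository or from the EC2FakeImds project: it walks route-table data in the shape returned by `aws ec2 describe-route-tables` (the `RouteTables` list) and reports any route whose destination prefix covers the IMDS address (169.254.169.254, or the IPv6 endpoint fd00:ec2::254) and whose target is an instance or network interface, since such a route would send other instances' metadata requests to that host. The route-table IDs, ENI and instance IDs below are constructed sample data.

```python
"""Flag VPC route-table entries that could redirect IMDS traffic to an instance.

Added example (not from the csp_security_mistakes repo or EC2FakeImds).
Input is a list of route tables shaped like the `RouteTables` field of
`aws ec2 describe-route-tables`; all sample identifiers are constructed.
"""
import ipaddress
import json

IMDS_IPV4 = ipaddress.ip_address("169.254.169.254")
IMDS_IPV6 = ipaddress.ip_address("fd00:ec2::254")  # IPv6 IMDS endpoint

# Route targets that are another host rather than an AWS-managed gateway.
HOST_TARGET_KEYS = ("InstanceId", "NetworkInterfaceId")


def _host_target(route):
    """Return the instance/ENI id a route points at, or None for gateway routes."""
    for key in HOST_TARGET_KEYS:
        if key in route:
            return route[key]
    return None


def suspicious_imds_routes(route_tables):
    """Return findings for routes that could capture IMDS traffic.

    A finding is produced when the destination prefix contains the IMDS
    address for its IP version and the route targets an instance or ENI.
    `exact` is True for a /32 (or /128) route, the precise shape of the
    redirect this issue describes; a broad prefix (e.g. 0.0.0.0/0 to a NAT
    instance) is still reported so it can be reviewed.
    """
    findings = []
    for table in route_tables:
        for route in table.get("Routes", []):
            cidr = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
            if not cidr:
                continue  # prefix-list routes etc. are out of scope here
            net = ipaddress.ip_network(cidr, strict=False)
            imds = IMDS_IPV4 if net.version == 4 else IMDS_IPV6
            if imds not in net:
                continue
            target = _host_target(route)
            if target is None:
                continue  # local, igw, nat-gateway, tgw targets do not impersonate IMDS
            findings.append({
                "route_table": table.get("RouteTableId"),
                "destination": cidr,
                "target": target,
                "exact": net.prefixlen == net.max_prefixlen,
            })
    return findings


# Constructed sample: one normal table, one with the redirect, one NAT-instance table.
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-example-default", "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"},
    ]},
    {"RouteTableId": "rtb-example-redirect", "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "169.254.169.254/32", "NetworkInterfaceId": "eni-example-rogue"},
        {"DestinationIpv6CidrBlock": "fd00:ec2::254/128", "InstanceId": "i-example-rogue"},
    ]},
    {"RouteTableId": "rtb-example-nat", "Routes": [
        {"DestinationCidrBlock": "0.0.0.0/0", "InstanceId": "i-example-nat"},
    ]},
]

if __name__ == "__main__":
    print(json.dumps(suspicious_imds_routes(SAMPLE_ROUTE_TABLES), indent=2))
```

To run this against a real account, feed it the `RouteTables` list from `describe_route_tables` (boto3 `ec2` client) instead of the sample; a `/32` or `/128` finding pointing at an instance or ENI is the case to investigate first, while a broad prefix to a NAT instance is expected in older VPC designs but still worth confirming.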