1 article with this tag
A single SSRF reached the metadata endpoint → over-privileged IAM temporary credentials → bulk S3 copy, leaking ~106M records. Every hop could have stopped it. In your environment: IMDSv2, IAM least privilege, and an allowlist for outbound fetches.