Uncovering the Mystery of the Fetch URL: http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/

http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/

Never expose the metadata server to untrusted code

– If you run user-submitted code in your VM (e.g., via a web app), that code can query /service-accounts/default/token, receive a live access token for the attached service account and impersonate that account against Google APIs until the token expires. Nothing in the metadata protocol distinguishes your application from the code it is hosting.

http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token

Use this endpoint for in-VM access to Google. The response is a JSON object with access_token, expires_in (seconds) and token_type (Bearer); the token is scoped to the account and OAuth scopes attached to the instance.

The request traveled over the internet to the company's load balancer. The load balancer, however, had a rudimentary security guard installed: a Web Application Firewall (WAF). The WAF inspected the incoming text, saw the string metadata.google.internal and blocked the request immediately. Note what that check actually does: it matches a substring of the URL, not the destination the request would be sent to. On a GCE VM the name metadata.google.internal resolves to 169.254.169.254, so a request addressed to the literal IP reaches the same server without containing the blocked string. A guard that decides on the resolved destination is the more robust check.
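The following is an added Python example (mine, not code from the page or from any WAF vendor) of the destination-based check the paragraph above calls for, suitable for a server-side feature that fetches user-supplied URLs. It refuses the metadata hostname, any literal or resolved link-local/loopback address, IPv4-mapped IPv6 forms of those addresses, and unresolvable names, instead of looking for a substring. The resolver is injectable so the check can be exercised offline with a constructed name-to-address map; the function names and the resolver map are assumptions for the example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Names and address ranges that reach the GCE metadata server. The name
# metadata.google.internal resolves to 169.254.169.254 on a GCE VM; the whole
# link-local range is refused so other spellings of that address are caught too.
METADATA_HOSTNAMES = {"metadata.google.internal", "metadata"}
BLOCKED_NETWORKS = [
    ipaddress.ip_network("169.254.0.0/16"),  # IPv4 link-local, includes 169.254.169.254
    ipaddress.ip_network("fe80::/10"),       # IPv6 link-local
    ipaddress.ip_network("127.0.0.0/8"),     # loopback
    ipaddress.ip_network("::1/128"),
]


def system_resolver(host: str) -> list:
    """Resolve a hostname to every address the system resolver returns."""
    try:
        infos = socket.getaddrinfo(host, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def is_metadata_target(url: str, resolver=system_resolver) -> bool:
    """True if fetching url would reach the metadata server (or another
    local-only address), judged by the destination the request would actually
    go to rather than by substring matching on the URL text."""
    host = urlsplit(url).hostname  # lower-cased; brackets stripped from IPv6 literals
    if not host:
        return True  # no usable destination: refuse rather than guess
    if host.rstrip(".") in METADATA_HOSTNAMES:
        return True
    try:
        ipaddress.ip_address(host)  # literal address: no lookup needed
        addresses = [host]
    except ValueError:
        # A hostname (including odd forms such as a bare decimal integer that
        # the system resolver still accepts): take every address it maps to.
        addresses = resolver(host)
        if not addresses:
            return True  # unresolvable: refuse, do not fail open
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped  # ::ffff:169.254.169.254 is still 169.254.169.254
        if any(ip in net for net in BLOCKED_NETWORKS):
            return True
    return False


def safe_fetch_target(url: str, resolver=system_resolver) -> str:
    """Gatekeeper a URL-fetching feature calls before opening a connection
    (hypothetical name). Returns the URL unchanged if allowed, raises otherwise."""
    if urlsplit(url).scheme not in ("http", "https"):
        raise ValueError(f"refused: unsupported scheme in {url!r}")
    if is_metadata_target(url, resolver):
        raise ValueError(f"refused: {url!r} would reach the metadata server or a local address")
    return url
```

The check is only as good as the connection that follows it: a name that resolves to a public address at check time and to 169.254.169.254 a moment later (DNS rebinding) defeats any pre-resolution check, so in production the fetcher should connect to the addresses this function validated rather than re-resolving the name, and redirects must be re-validated hop by hop.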

What Does This Endpoint Return?

/instance/service-accounts/: The directory listing all service accounts associated with the current instance. The body is plain text, one entry per line, each ending in a slash because it is itself a directory: the alias default/ plus the email address of each attached account, for example PROJECT_NUMBER-compute@developer.gserviceaccount.com/. Appending an entry name and one of its attributes (email, scopes, token) returns that attribute for the account.

The -H "Metadata-Flavor: Google" header is required: the metadata server answers requests that lack it with 403. Its purpose is to keep requests the VM did not deliberately make from being served, for instance a browser following a redirect or a script that cannot control its request headers. It is not authentication: any code running on the VM that can set a header can add it, so the warning above about untrusted code applies regardless of this header.
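To make the header requirement and the two endpoints concrete, here is an added Python example (mine, not code from the page and not Google's client library). It starts a small mock of the metadata server on localhost that reproduces the behaviour discussed, rejecting requests without Metadata-Flavor: Google and serving the service-accounts listing and the default token with constructed sample data, and a client that sets the header, parses the listing and decodes the token JSON. Pointed at http://metadata.google.internal the same client functions work on a real GCE VM. The mock's response bodies are assumptions shaped like the real ones, not captured output, and the token value is a made-up string.

```python
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

METADATA_BASE = "http://metadata.google.internal"  # real server, for use on a GCE VM
SA_LIST_PATH = "/computeMetadata/v1/instance/service-accounts/"
SA_TOKEN_PATH = "/computeMetadata/v1/instance/service-accounts/default/token"

# Constructed sample data served by the mock (not real credentials).
SAMPLE_EMAIL = "123456789012-compute@developer.gserviceaccount.com"
SAMPLE_TOKEN = {"access_token": "ya29.constructed-sample-token", "expires_in": 3599, "token_type": "Bearer"}


class MockMetadataHandler(BaseHTTPRequestHandler):
    """Minimal stand-in for the metadata server: refuses requests without the
    flavor header, then serves the listing and token paths. Assumed shapes."""

    def do_GET(self):
        if self.headers.get("Metadata-Flavor") != "Google":
            self._reply(403, "Missing Metadata-Flavor:Google header.\n")
        elif self.path == SA_LIST_PATH:
            self._reply(200, f"default/\n{SAMPLE_EMAIL}/\n")  # one directory per line
        elif self.path == SA_TOKEN_PATH:
            self._reply(200, json.dumps(SAMPLE_TOKEN), "application/json")
        else:
            self._reply(404, "not found\n")

    def _reply(self, status, body, ctype="text/plain"):
        data = body.encode()
        self.send_response(status)
        self.send_header("Content-Type", ctype)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_mock_metadata_server():
    """Run the mock on an ephemeral loopback port; returns (server, base_url)."""
    server = HTTPServer(("127.0.0.1", 0), MockMetadataHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"


def metadata_get(base_url, path, send_header=True):
    """GET a metadata path and return (status, body). send_header=False shows
    what happens to a request that lacks the flavor header."""
    req = urllib.request.Request(base_url + path)
    if send_header:
        req.add_header("Metadata-Flavor", "Google")
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()


def list_service_accounts(base_url=METADATA_BASE):
    """Return the entry names from the service-accounts directory listing."""
    status, body = metadata_get(base_url, SA_LIST_PATH)
    if status != 200:
        raise RuntimeError(f"listing failed: {status} {body.strip()}")
    return [line.rstrip("/") for line in body.splitlines() if line]


def get_default_token(base_url=METADATA_BASE):
    """Return (access_token, expires_in) for the instance's default account."""
    status, body = metadata_get(base_url, SA_TOKEN_PATH)
    if status != 200:
        raise RuntimeError(f"token request failed: {status} {body.strip()}")
    token = json.loads(body)
    return token["access_token"], int(token["expires_in"])


if __name__ == "__main__":
    server, base = start_mock_metadata_server()
    print("without header:", metadata_get(base, SA_LIST_PATH, send_header=False))
    print("accounts:", list_service_accounts(base))
    print("token:", get_default_token(base))
    server.shutdown()
```

The client deliberately treats a non-200 status as an error rather than retrying: on a real VM a 403 here means the header was dropped somewhere between the caller and the server, which is exactly the condition the header is meant to surface.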
