The following is a list of the more sensitive AWS metadata service APIs (continuously updated):
- Get the IAM role credentials of an EC2 instance:

  ```
  http://169.254.169.254/latest/meta-data/iam/security-credentials/<role-name>
  ```

  where `<role-name>` is the name of the IAM role whose credentials are to be retrieved. Or:

  ```
  http://169.254.169.254/latest/meta-data/iam/security-credentials/
  ```

  Example JSON response:

  ```json
  {
    "Code" : "Success",
    "LastUpdated" : "2020-01-01T00:00:00Z",
    "Type" : "AWS-HMAC",
    "AccessKeyId" : "AKIAIOSFODNN7EXAMPLE",
    "SecretAccessKey" : "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    "Token" : "AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT+FvwqnKwRcOIfrRh3c/LTo6UDdyJwOOvEVPvL1v8pSX7mJH60zdBDF5W0qlainiVob9t8C1o+Uk/VItyBabExample",
    "Expiration" : "2020-01-01T01:00:00Z"
  }
  ```
- Get the password data of an EC2 instance:

  ```
  http://169.254.169.254/latest/meta-data/instance-identity/document
  ```

  Example JSON response:

  ```json
  {
    "metaData": {
      "self": {
        "href": "https://ec2.amazonaws.com/"
      },
      "Password": "password"
    }
  }
  ```
- Get the SSH public key of an EC2 instance:

  ```
  http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
  ```

  Example JSON response:

  ```json
  {
    "message": "Hello, world!",
    "data": {
      "url": "http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key",
      "key": {
        "algorithm": "openssh",
        "size": 2048,
        "public": true,
        "private": true,
        "raw": "d 壹 l4@N+|-sbnW1Ew=="
      }
    }
  }
  ```
- Get the task definition of an ECS container instance:

  ```
  http://169.254.170.2/v2/metadata/<container-id>/task-definition
  ```

  Example JSON response:

  ```json
  {
    "message": "Hello, world!",
    "data": {
      "taskDefinition": {
        "type": "AWS::EC2::TaskDefinition",
        "Properties": {
          "Description": "Test Task Definition",
          "ImageId": "ami-12345678",
          "Name": "test-task-definition",
          "Tags": [
            { "Key": "Environment", "Value": "Test" }
          ]
        }
      },
      "url": "http://169.254.170.2/v2/metadata/container-id/task-definition"
    }
  }
  ```

  where `<container-id>` is the ID of the container whose task definition is to be retrieved.

- Get the task metadata of an ECS container instance:

  ```
  http://169.254.170.2/v2/metadata/<container-id>/task-with-metadata
  ```

  Example JSON response:

  ```json
  {
    "message": "Hello, world!",
    "data": {
      "taskWithMetadata": {
        "type": "AWS::EC2::TaskWithMetadata",
        "Properties": {
          "ImageId": "ami-12345678",
          "Name": "test-task-with-metadata",
          "TaskDefinition": {
            "type": "AWS::EC2::TaskDefinition",
            "Properties": {
              "Description": "Test Task Definition",
              "ImageId": "ami-12345678",
              "Name": "test-task-definition",
              "Tags": [
                { "Key": "Environment", "Value": "Test" }
              ]
            }
          },
          "Tags": [
            { "Key": "Environment", "Value": "Test" }
          ]
        }
      },
      "url": "http://169.254.170.2/v2/metadata/container-id/task-with-metadata"
    }
  }
  ```

  where `<container-id>` is the ID of the container whose task metadata is to be retrieved.
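For monitoring, the endpoints listed above can be turned into an audit rule. The following is an added example, not part of the original page: it classifies URLs from an application's outbound-request log against the five listed endpoints and reports which workloads touched them. The log format, source addresses, container ID and the function names `classify` and `audit` are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# (label, host, path pattern) for each endpoint in the list above.
SENSITIVE_ENDPOINTS = [
    ("iam-role-credentials", "169.254.169.254",
     re.compile(r"/latest/meta-data/iam/security-credentials(/[^/]*)?")),
    ("instance-identity-document", "169.254.169.254",
     re.compile(r"/latest/meta-data/instance-identity/document")),
    ("ssh-public-key", "169.254.169.254",
     re.compile(r"/latest/meta-data/public-keys/\d+/openssh-key")),
    ("ecs-task-definition", "169.254.170.2",
     re.compile(r"/v2/metadata/[^/]+/task-definition")),
    ("ecs-task-metadata", "169.254.170.2",
     re.compile(r"/v2/metadata/[^/]+/task-with-metadata")),
]

def classify(url):
    """Return the label of the sensitive endpoint a URL targets, else None."""
    parts = urlsplit(url)
    if parts.scheme != "http" or parts.hostname is None:
        return None
    path = re.sub(r"/{2,}", "/", parts.path)  # collapse duplicate slashes
    for label, host, pattern in SENSITIVE_ENDPOINTS:
        if parts.hostname == host and pattern.fullmatch(path):
            return label
    return None

def audit(log_lines):
    """Map each source address to the sorted sensitive endpoints it requested."""
    hits = defaultdict(set)
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed lines
        src, url = fields[1], fields[3]
        if label := classify(url):
            hits[src].add(label)
    return {src: sorted(labels) for src, labels in hits.items()}

# Constructed sample log (assumed format: timestamp source method url status).
SAMPLE_LOG = [
    "2024-05-01T10:00:01Z 10.0.1.15 GET http://169.254.169.254/latest/meta-data/iam/security-credentials/ 200",
    "2024-05-01T10:00:05Z 10.0.1.22 GET http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key 200",
    "2024-05-01T10:00:09Z 10.0.1.22 GET http://169.254.170.2/v2/metadata/abc123/task-definition 200",
    "2024-05-01T10:00:11Z 10.0.1.30 GET http://169.254.169.254/latest/meta-data/instance-id 200",
    "2024-05-01T10:00:12Z 10.0.1.30 GET https://example.com/latest/meta-data/iam/security-credentials/ 200",
]
```

Calling `audit(SAMPLE_LOG)` reports only the two sources that requested a listed endpoint; the `instance-id` lookup and the request to an unrelated host are ignored.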