Curl-url-http-3a-2f-2f169.254.169.254-2flatest-2fapi-2ftoken Extra Quality -

And it would in plaintext. No authentication, no token, no headers. Any process on the VM — including a compromised web application — could get admin keys.

curl -X PUT "http://169.254.169" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600" 2. The Two-Step Authentication "Piece" curl-url-http-3A-2F-2F169.254.169.254-2Flatest-2Fapi-2Ftoken