Block Cloud Metadata
NetworkPolicies that block access to the cloud metadata endpoint (169.254.169.254) to prevent SSRF-based IAM credential theft on AWS, GCP, and Azure.
Overview
This template deploys NetworkPolicies that block egress to the cloud instance metadata service (IMDS) at 169.254.169.254. Every major cloud provider (AWS, GCP, Azure) exposes an IMDS endpoint that returns temporary IAM credentials, instance identity, and configuration data. If a pod can reach this endpoint, an attacker can steal cloud credentials and pivot to cloud resources.
Security threat addressed: SSRF-to-credential-theft is one of the most exploited attack paths in cloud-native environments. An attacker exploits a web application vulnerability to query the metadata endpoint and steal IAM credentials.
When to use: Apply to every namespace running application workloads, especially those with internet-facing services or web applications that process user-supplied URLs.
Threat Model
- SSRF credential theft: the most common cloud attack path, in which an SSRF flaw in a web app is used to reach 169.254.169.254 and steal IAM role credentials.
- Lateral movement to cloud: Stolen IAM credentials allow access to S3 buckets, databases, and other cloud services outside the cluster.
- Multi-cloud coverage: Blocks metadata access on AWS, GCP, Azure, DigitalOcean, and Oracle Cloud.
MITRE ATT&CK:
- T1552.005 — Cloud Instance Metadata API: SSRF to metadata endpoint steals IAM credentials, enabling cloud resource compromise.
Real-world scenario: A Capital One-style attack: an attacker finds an SSRF vulnerability in a web application, queries http://169.254.169.254/latest/meta-data/iam/security-credentials/, obtains AWS credentials, and accesses S3 buckets containing 100+ million customer records.
YAML Source
```yaml
# APPROACH 1: Deny egress to cloud metadata endpoint (RECOMMENDED)
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-cloud-metadata
  namespace: default
  labels:
    app.kubernetes.io/name: k8s-security
    app.kubernetes.io/part-of: k8s-security-pro
    app.kubernetes.io/managed-by: k8s-security-pro
spec:
  # Empty podSelector: applies to every pod in the namespace
  podSelector: {}
  policyTypes:
    - Egress
  egress:
    - to:
        - ipBlock:
            # Allow all IPv4 destinations except the link-local range that
            # contains the IMDS address 169.254.169.254
            cidr: 0.0.0.0/0
            except:
              - 169.254.0.0/16
# ... truncated -- get targeted per-workload policy and IPv6 blocking at k8s-security.pro/pricing
```
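The policy above relies on ipBlock `cidr` minus `except` semantics, which are easy to get subtly wrong (for example, allowing `::/0` on a dual-stack cluster without an IPv6 exception). The following audit script is an added example, not part of the k8s-security-pro template: it evaluates a NetworkPolicy (embedded here as a Python dict mirroring the page's `deny-cloud-metadata` object, plus a constructed dual-stack variant) against the two IMDS addresses the page names and reports whether egress to each would be allowed. The rule evaluation follows the Kubernetes NetworkPolicy model: egress is allowed if any rule permits the destination, a rule without `to` permits everything, and selector-based peers match pods only, so only `ipBlock` peers can reach the host-level IMDS address.

```python
"""Audit whether a NetworkPolicy's egress rules block the cloud IMDS.

Added example (not the template's own code). Policies are plain dicts in the
shape kubectl returns with -o json, so no YAML library is needed.
"""
import ipaddress

# Constructed copy of the page's deny-cloud-metadata policy.
DENY_CLOUD_METADATA = {
    "apiVersion": "networking.k8s.io/v1",
    "kind": "NetworkPolicy",
    "metadata": {"name": "deny-cloud-metadata", "namespace": "default"},
    "spec": {
        "podSelector": {},
        "policyTypes": ["Egress"],
        "egress": [
            {"to": [{"ipBlock": {"cidr": "0.0.0.0/0", "except": ["169.254.0.0/16"]}}]}
        ],
    },
}

# Constructed dual-stack variant: adds an IPv6 allow-all with no exception,
# the mistake that leaves the AWS IPv6 IMDS endpoint reachable.
DUAL_STACK_NO_IPV6_EXCEPT = {
    "apiVersion": "networking.k8s.io/v1",
    "kind": "NetworkPolicy",
    "metadata": {"name": "deny-cloud-metadata-dualstack", "namespace": "default"},
    "spec": {
        "podSelector": {},
        "policyTypes": ["Egress"],
        "egress": [
            {"to": [{"ipBlock": {"cidr": "0.0.0.0/0", "except": ["169.254.0.0/16"]}}]},
            {"to": [{"ipBlock": {"cidr": "::/0"}}]},
        ],
    },
}

# Metadata endpoints named on the page: the shared IPv4 IMDS address and the
# AWS IMDS IPv6 endpoint.
IMDS_TARGETS = {
    "imds-ipv4": "169.254.169.254",
    "aws-imds-ipv6": "fd00:ec2::254",
}


def ip_block_allows(ip_block, ip):
    """True if ip is inside cidr and outside every except range."""
    cidr = ipaddress.ip_network(ip_block["cidr"], strict=False)
    if ip.version != cidr.version or ip not in cidr:
        return False
    return not any(
        ip in ipaddress.ip_network(exc, strict=False)
        for exc in ip_block.get("except", [])
    )


def egress_allows(policy, ip):
    """Return True/False for whether egress to ip is permitted.

    Returns None when the policy does not govern egress at all (no "Egress"
    in policyTypes), so callers can distinguish "not blocked" from
    "not covered by this policy".
    """
    spec = policy["spec"]
    if "Egress" not in spec.get("policyTypes", []):
        return None
    ip = ipaddress.ip_address(ip)
    for rule in spec.get("egress", []):
        peers = rule.get("to")
        if not peers:  # a rule with no 'to' allows every destination
            return True
        for peer in peers:
            # podSelector / namespaceSelector peers only match cluster pods;
            # the IMDS address is not a pod, so only ipBlock peers matter here.
            if "ipBlock" in peer and ip_block_allows(peer["ipBlock"], ip):
                return True
    return False


def audit_imds(policy):
    """Map each IMDS target to 'blocked', 'allowed' or 'not-covered'."""
    report = {}
    for label, ip in IMDS_TARGETS.items():
        allowed = egress_allows(policy, ip)
        if allowed is None:
            report[label] = "not-covered"
        else:
            report[label] = "allowed" if allowed else "blocked"
    return report


if __name__ == "__main__":
    for name, policy in (("page policy", DENY_CLOUD_METADATA),
                         ("dual-stack variant", DUAL_STACK_NO_IPV6_EXCEPT)):
        print(name, audit_imds(policy))
```

The audit reasons about the policy object only; whether the CNI plugin actually enforces `ipBlock` and `except` is what the wget check in the Verification section confirms, so use both.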
Get the complete template with targeted per-workload blocking, AWS IMDSv2 IPv6 endpoint blocking (fd00:ec2::254), and DNS-compatible configurations in the Professional tier.
Installation
kubectl:
kubectl apply -f 13_block_cloud_metadata.yaml
Helm:
helm install k8s-security ./charts/k8s-security -f values-prod.yaml
Kustomize:
kubectl apply -k kustomize/overlays/prod
Verification
```shell
# Verify the policy exists
kubectl get networkpolicy deny-cloud-metadata -n <namespace>

# Test that metadata endpoint is blocked (should timeout)
kubectl exec -n <namespace> <pod-name> -- wget -q -O- --timeout=2 http://169.254.169.254/ 2>&1
# Expected: timeout or connection refused

# Test that normal egress still works
kubectl exec -n <namespace> <pod-name> -- wget -q -O- --timeout=2 http://google.com 2>&1
```
CIS Benchmark References
- 5.3.2 — Ensure that all Namespaces have NetworkPolicies defined. Blocking cloud metadata is a critical network policy for cloud-hosted clusters.
MITRE ATT&CK References
- T1552.005 — Cloud Instance Metadata API: SSRF attacks targeting 169.254.169.254 steal IAM credentials, enabling cloud-wide compromise. This policy blocks the attack at the network level.
Further Reading
- Kubernetes Network Policies: The Complete Guide to Zero Trust Networking — Full walkthrough of cloud metadata protection, default deny, and egress control strategies.
Get Full Access to This Template
This template is included in the Professional tier and above.