AWS Security ChangesHomeSearch

AWS AWSEC2 high security documentation change

Service: AWSEC2 · 2026-06-22 · Security-related high

File: AWSEC2/latest/UserGuide/get-product-code.md

Summary

Updated metadata endpoint from '/latest/dynamic/instance-identity/document' to '/latest/meta-data/product-codes'

Security assessment

Corrects insecure metadata endpoint usage that exposed billingProducts/marketplaceProductCodes. Using dedicated product-codes endpoint reduces attack surface and follows IMDSv2 best practices.

Diff

diff --git a/AWSEC2/latest/UserGuide/get-product-code.md b/AWSEC2/latest/UserGuide/get-product-code.md
index 88319bb9c..b097f7297 100644
--- a//AWSEC2/latest/UserGuide/get-product-code.md
+++ b//AWSEC2/latest/UserGuide/get-product-code.md
@@ -20 +20 @@ Run the following command from your Linux instance.
-        && curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/dynamic/instance-identity/document | grep -E 'billingProducts|marketplaceProductCodes'
+        && curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/product-codes