Fetch URL: http%3A%2F%2Fmetadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fservice-accounts%2F

Here is what you need to know about this specific URL path.

– Do not use the default Compute Engine service account with the broad cloud-platform scope. Create dedicated service accounts with least privilege.

The string arrived at the application layer. The WAF saw a jumble of symbols (%3A, %2F) and didn't trigger a block. It passed the packet through.
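An added example, not part of the original page: a server-side check that percent-decodes a user-supplied fetch URL before comparing it to the metadata endpoint, so the encoded form the WAF passed through is still recognised. The function names and the decode limit are assumptions.

```python
import ipaddress
from urllib.parse import unquote, urlsplit

# Hostname of the metadata server as it appears on this page.
METADATA_HOSTS = {"metadata.google.internal"}
MAX_DECODE_ROUNDS = 5  # assumption: anything nested deeper is rejected


def canonicalize(value: str) -> str:
    """Percent-decode until the string stops changing."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    raise ValueError("too many encoding layers")


def is_metadata_target(raw_param: str) -> bool:
    """Return True when a fetch URL parameter points at the metadata server."""
    try:
        url = canonicalize(raw_param.strip())
    except ValueError:
        return True  # fail closed on input that never settles
    # urlsplit lowercases the hostname; also drop a trailing root dot.
    host = (urlsplit(url).hostname or "").rstrip(".")
    if host in METADATA_HOSTS:
        return True
    try:
        # The metadata server is also reachable at a link-local address.
        return ipaddress.ip_address(host).is_link_local
    except ValueError:
        return False  # not an IP literal and not a listed hostname


if __name__ == "__main__":
    # Constructed sample inputs: the encoded string from this page and a benign URL.
    samples = [
        "http%3A%2F%2Fmetadata.google.internal%2FcomputeMetadata%2Fv1%2Finstance%2Fservice-accounts%2F",
        "https%3A%2F%2Fexample.com%2Ffeed.xml",
    ]
    for sample in samples:
        print(is_metadata_target(sample), sample)
```

A string check does not cover a hostname that resolves to the link-local address or a redirect to it, so apply the same test to the resolved address at connect time.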

/computeMetadata/v1/instance/service-accounts/default/token

Result: A JSON object containing an access_token you can use in Authorization headers.

{
  "access_token": "ya29.c.b0Aa...",
  "expires_in": 3600,
  "token_type": "Bearer"
}