EC2 user data scripts are meant for bootstrapping instances, but they frequently contain hardcoded credentials and secrets. AWS itself warns against this practice, since the data is protected by neither authentication nor encryption.
If you compromise an EC2 instance, grab the user data immediately via the metadata service. Got IAM access instead? Use describe-instance-attribute to pull it from the API.
https://hackingthe.cloud/aws/general-knowledge/introduction_user_data/?mtm_campaign=social_mastodon
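The defensive counterpart to the above, as an added example that is not from this post or the linked article: a Python audit that pulls each instance's userData attribute through the same describe-instance-attribute API, decodes it (including the gzip form cloud-init accepts), and reports which lines look like hardcoded credentials so they can be moved into Secrets Manager or SSM Parameter Store behind an instance role. The regex rule set and the sample script are constructed for illustration (the AKIA/wJal... values are AWS's documented placeholder credentials), and boto3 is assumed to be installed only for a live run.

```python
"""Audit EC2 user data for hardcoded credentials (illustrative example)."""
import base64
import gzip
import re

# Heuristic patterns for credentials that commonly end up in bootstrap scripts.
# Assumed, illustrative rules; not a complete secret-scanning ruleset.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "aws_secret_access_key": re.compile(
        r"(?i)aws_secret_access_key\s*[=:]\s*['\"]?[A-Za-z0-9/+=]{40}"),
    "password_assignment": re.compile(r"(?i)(?:password|passwd|pwd)\s*[=:]\s*['\"]?\S+"),
    "private_key_block": re.compile(r"-----BEGIN (?:[A-Z ]+ )?PRIVATE KEY-----"),
    "generic_token": re.compile(
        r"(?i)(?:api[_-]?key|token)\s*[=:]\s*['\"]?[A-Za-z0-9_\-/+=]{16,}"),
}

# Constructed sample of the kind of user data the post warns about.
# The key values are AWS's documented example placeholders, not live credentials.
SAMPLE_USER_DATA = """#!/bin/bash
yum install -y nginx
export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
echo "DB_PASSWORD=hunter2" >> /etc/app.env
systemctl enable nginx
"""


def encode_user_data(script, compress=False):
    """Produce the base64 string EC2 returns in UserData['Value'] (gzip optional)."""
    raw = script.encode("utf-8")
    if compress:
        raw = gzip.compress(raw)
    return base64.b64encode(raw).decode("ascii")


def decode_user_data(value):
    """Decode the base64 'Value' from DescribeInstanceAttribute.
    cloud-init also accepts gzip-compressed user data, so gunzip when the
    decoded bytes carry the gzip magic number."""
    if not value:
        return ""
    raw = base64.b64decode(value)
    if raw[:2] == b"\x1f\x8b":
        raw = gzip.decompress(raw)
    return raw.decode("utf-8", errors="replace")


def find_secrets(script):
    """Return (line_number, pattern_name) pairs. The matched value itself is
    deliberately not returned so the audit output does not leak the secret."""
    findings = []
    for lineno, line in enumerate(script.splitlines(), start=1):
        for name, pattern in SECRET_PATTERNS.items():
            if pattern.search(line):
                findings.append((lineno, name))
    return findings


def audit_instance(ec2, instance_id):
    """Fetch one instance's userData attribute and scan it.
    `ec2` is a boto3 EC2 client (or any object with the same method)."""
    resp = ec2.describe_instance_attribute(InstanceId=instance_id, Attribute="userData")
    value = resp.get("UserData", {}).get("Value")  # absent when no user data is set
    return find_secrets(decode_user_data(value))


def audit_region(ec2):
    """Scan every instance visible to the client; returns {instance_id: findings}."""
    report = {}
    for page in ec2.get_paginator("describe_instances").paginate():
        for reservation in page["Reservations"]:
            for inst in reservation["Instances"]:
                report[inst["InstanceId"]] = audit_instance(ec2, inst["InstanceId"])
    return report


if __name__ == "__main__":
    import boto3  # only needed for a live run against your own account

    for iid, hits in audit_region(boto3.client("ec2")).items():
        for lineno, kind in hits:
            print(f"{iid}: line {lineno}: {kind}")
```

The report names the line and the type of finding but never echoes the matched value, so the audit log itself does not become another copy of the secret. Each hit is a candidate for replacing the literal with a runtime lookup from Secrets Manager or SSM Parameter Store using the instance's IAM role.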
