CVA CVA Cloud & Virtualization Vulnerabilities

During a cloud environment vulnerability assessment, which service endpoint is commonly targeted to retrieve AWS credentials from an EC2 instance?