AWS EC2 instances that have IMDSv1 enabled are vulnerable to server side request forgery (SSRF) attacks.
In AWS Console -
In Terraform -
References:
https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/configuring-instance-metadata-service.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/instance#metadata_options