[luxoria]

>Grab ssh private keys from autoprovisioned EC2 user’s home directory using 301 redirect to file URI (after all, we’re running as root, we can read them).

This is not a fair assumption to make. Maybe they are running a LSM like AppArmor.

[skarap]

What is more important - the existence of SSH private keys on the EC2 instances us unlikely... There is chance there are SSH private keys there, but they would most probably be SSH deploy keys for some private repo (configuration management, software).