On our EC2 instances, we only use IMDSv2, so I wonder if that has something to do with using the role that states 401 access is denied. The key connection works using the same policy attached to the user account with an access key and secret access.