Unexpected response (401 Unauthorized) when connecting to S3 with credentials from EC2 Instance Metadata with IMDSv2 required

[trecio]

Describe the bug
I'm trying to connect to S3 from an EC2 instance using the "S3 (Credentials from EC2 Instance Metadata)" profile described here https://docs.cyberduck.io/protocols/s3/#connecting-with-temporary-access-credentials-token-from-ec2.
It fails with an error Unexpected response (401 Unauthorized). Please contact your web hosting service provider for assistance.

To Reproduce
Steps to reproduce the behavior:

1. Open Cyberduck and from the main menu select Edit > Preferences ...
2. In preferences window switch to Profiles tab and make sure that "S3 (Credentials from AWS Security Token Service)" is enabled. Close the Preferences window.
3. Change the name of the role as it is described in https://docs.cyberduck.io/protocols/s3/#connecting-with-temporary-access-credentials-token-from-ec2
4. Click on Open Connection button, select "S3 (Credentials from EC2 Instance Metadata)"

Expected behavior
Available S3 buckets should appear.

Screenshots

Desktop (please complete the following information):

• OS: Microsoft Windows Server 2019
• Version 8.6.0 (39818)

Log Files
cyberduck.log

Additional context
EC2 has IMDSv2 required. Does Cyberduck support it?

[dkocher]

The profile uses the address http://169.254.169.254/latest/meta-data/iam/security-credentials/s3access to query the s3access role-name.

If there is an IAM role associated with the instance, role-name is the name of the role, and role-name contains the temporary security credentials associated with the role (for more information, see Retrieve security credentials from instance metadata). Otherwise, not present.