This security issue talks about using the metadata api to gain access to aws services.
From what i have seen so far, i am not sure this impacts the s3 archival provider (s3store) temporal/common/archiver/s3store at master · temporalio/temporal · GitHub
Can some one have a look and confirm?