SecPrep

What is SSRF and why is it especially dangerous in cloud environments?

Server-Side Request Forgery (SSRF) tricks a server into making requests to attacker-chosen destinations. In cloud environments it is especially severe because the server can reach internal services and the instance metadata endpoint (e.g. 169.254.169.254), which can be used to steal credentials. Defenses: allow-list outbound hosts, block link-local and internal ranges, disable unused URL schemes, and require IMDSv2.
