A method may include transmitting a request for metadata associated with a compute instance and receiving, by a computing system, metadata associated with the compute instance signed with a private key. The private key may be associated with a public key. The method may include receiving a request to access a cloud resource and transmitting the request for the metadata. The method may also include receiving the metadata. The metadata may indicate that the compute instance is hosted on the computing system. The method may also include transmitting, to an instance principal service, a request for an instance principal certificate. The request may include the metadata signed with the private key and be cryptographically verified by the instance principal service using the public key. The method may also include receiving the instance principal certificate and providing access to the could resource based on the instance principal certificate.