AWS Identity and Access Management (IAM) Roles Anywhere now provides the capability to configure Virtual Private Cloud (VPC) endpoint policies for the IAM Roles Anywhere CreateSession API. You can update your VPC endpoint policies to allow or deny the CreateSession operation. If CreateSession is not explicitly included in the Allow statement of your VPC endpoint policy or if you don’t allow all operations (for example, by specifying “rolesanywhere:*“ as the action), IAM Roles Anywhere will not return temporary AWS credentials for requests made through your VPC endpoint.
The CreateSession API enables workloads running outside of AWS to obtain temporary AWS credentials using X.509 certificates to access AWS resources. Previously, VPC endpoint policies applied to all IAM Roles Anywhere API operations except CreateSession. This launch closes that gap, giving you consistent, fine-grained access control across all IAM Roles Anywhere API operations.
This feature is available in all AWS Regions where IAM Roles Anywhere is available, including the AWS GovCloud (US) Regions, AWS European Sovereign Cloud (Germany) Region, and China Regions. To learn more, see the IAM Roles Anywhere User Guide.
Categories: general:products/aws-iam,marketing:marchitecture/security-identity-and-compliance
Source: Amazon Web Services
Latest Posts
- Learning Agent in Microsoft 365 Copilot to become generally available [MC1319212]
- Interact with your favorite apps on Teams using Slash ( / ) Commands [MC1319214]
- Microsoft Teams: In‑meeting toggle to turn Meeting AI on or off [MC1319216]
- Microsoft Outlook: External email tag now supported in Inbox Rules [MC1319208]
