Posted On: Dec 26, 2023

AWS Identity and Access Management (IAM) Roles Anywhere is now available in the Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Europe (Spain), Europe (Zurich), Israel (Tel Aviv), and Middle East (UAE) AWS Regions. IAM Roles Anywhere enables workloads that run outside of AWS to use X.509 digital certificates to obtain temporary AWS credentials using the same IAM roles and policies that you have configured for your AWS workloads to access AWS resources.

With IAM Roles Anywhere you can use temporary credentials instead of long-lived credentials, which can help improve your security posture. Using IAM Roles Anywhere can reduce support costs and operational complexity by using the same access controls, deployment pipelines, and testing processes across all of your workloads. To get started, you can establish trust between your AWS environment and your public key infrastructure (PKI). You do this by creating a trust anchor where you either reference AWS Private Certificate Authority (AWS Private CA) or register your own certificate authority (CA) with IAM Roles Anywhere. By adding one or more roles to a profile and enabling IAM Roles Anywhere to assume these roles, your workloads can use the client certificate issued by your CA to get temporary credentials to access your AWS environment.

For the full list of AWS Regions where IAM Roles Anywhere is available, see the AWS documentation. IAM Roles Anywhere is available at no additional charge. Standard AWS Private CA pricing applies when you use AWS Private CA. To learn more about IAM Roles Anywhere, see the User Guide or the blog post.