Posted On: Mar 25, 2024

You can now use AWS Identity and Access Management (IAM) Roles Anywhere to obtain temporary security credentials for workloads that run outside of AWS that are valid for up to 12 hours. You can use those temporary security credentials to sign and authenticate any AWS request. Previously, the temporary security credentials vended by IAM Roles Anywhere were valid for up to 1 hour. Now, you have the ability to optimize the number of CreateSession requests made to IAM Roles Anywhere by extending the credentials validity for a longer duration to meet your business needs. The duration can range from 15 minutes to 12 hours, with a default value of 1 hour.

IAM Roles Anywhere enables workloads that run outside of AWS, such as servers, containers, and applications, to use X.509 digital certificates to obtain temporary AWS credentials using the same IAM roles and policies that you have configured for your AWS workloads to access AWS resources.

To see AWS Regions where IAM Roles Anywhere is available, visit AWS documentation. To learn more about IAM Roles Anywhere, visit the User Guide, and read this blog post for guidance on how to get started and common use cases.