Using IAM Roles Anywhere to Access Resources From Outside AWS
Description
IAM Roles Anywhere is a feature of the AWS Identity and Access Management (IAM) service that enables you to use AWS roles and policies to manage access to your AWS resources from outside of AWS. Using IAM Roles Anywhere means you don't have to issue and manage long-lived credentials for non-AWS workloads, reducing your access management burden and improving your security posture.
Learning how to configure and use IAM Roles Anywhere will benefit anyone looking to use AWS resources from other environments, such as on-premises servers or other cloud providers.
In this hands-on lab, you will use a self-signed certificate authority to issue a client certificate, and you will use it to assume a role that you configure for use with IAM Roles Anywhere.
Learning objectives
Upon completion of this beginner-level lab, you will be able to:
- Use OpenSSL to generate a client certificate and key
- Create an IAM role for use with IAM Roles Anywhere
- Create a trust anchor resource
- Use the trust anchor and client cert to obtain temporary credentials for your role
Intended audience
- Students preparing to complete the Security pillar of the AWS Well-Architected Framework
- Cloud Architects
- Data Engineers
- DevOps Engineers
- Software Engineers
Prerequisites
Familiarity with the following will be beneficial but is not required:
- AWS Identity and Access Management (IAM)
- IAM Roles Anywhere
- The Bash command line
The following content can be used to fulfill the prerequisites: