AWS Security ChangesHomeSearch

AWS rolesanywhere medium security documentation change

Service: rolesanywhere · 2025-03-05 · Security-related medium

File: rolesanywhere/latest/userguide/getting-started.md

Summary

Added link to trust policy examples in security recommendation

Security assessment

The change adds a reference to trust policy examples that enforce certificate validation conditions. This directly relates to security best practices for limiting role assumption privileges.

Diff

diff --git a/rolesanywhere/latest/userguide/getting-started.md
index f1eb4598f..c9e0f900f 100644
--- a/rolesanywhere/latest/userguide/getting-started.md
+++ b/rolesanywhere/latest/userguide/getting-started.md
@@ -110 +110 @@ Before you can create an IAM Roles Anywhere profile, you need at least one IAM r
-Without a `Condition` statement present in a role trust policy, any valid certificate from the CA used as the trust anchor, or CAs subordinate to that trust anchor may be used to assume a role via IAM roles anywhere. We recommend you use `Condition` statements on both the subject and issuer attributes to ensure that only certificates that you intend to be able to assume a role can do so. 
+Without a `Condition` statement present in a role trust policy, any valid certificate from the CA used as the trust anchor, or CAs subordinate to that trust anchor may be used to assume a role via IAM roles anywhere. We recommend you use `Condition` statements on both the subject and issuer attributes to ensure that only certificates that you intend to be able to assume a role can do so. For examples, see [Trust policy](https://docs.aws.amazon.com/rolesanywhere/latest/userguide/trust-model.html#trust-policy).