AWS rolesanywhere documentation change
Summary
Explicitly stated that CreateSession API access is allowed by default in VPC endpoint policies
Security assessment
Clarifies default permissions for a critical API method in VPC endpoint configurations, helping users understand access control requirements. This is a security documentation improvement but does not address a specific disclosed vulnerability.
Diff
diff --git a/rolesanywhere/latest/userguide/vpc-interface-endpoints.md b/rolesanywhere/latest/userguide/vpc-interface-endpoints.md index 630c1be6e..59803e5d1 100644 --- a//rolesanywhere/latest/userguide/vpc-interface-endpoints.md +++ b//rolesanywhere/latest/userguide/vpc-interface-endpoints.md @@ -25 +25 @@ VPC endpoint policies are supported for IAM Roles Anywhere on all API methods ex -By default, full access to IAM Roles Anywhere is allowed through the endpoint. For more information, see [Controlling access to services with VPC endpoints](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints-access.html) in the _Amazon VPC User Guide_. +Full access to IAM Roles Anywhere is allowed through the endpoint by default, including `CreateSession`. For more information, see [Controlling access to services with VPC endpoints](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints-access.html) in the _Amazon VPC User Guide_.