AWS Security ChangesHomeSearch

AWS rolesanywhere documentation change

Service: rolesanywhere · 2025-04-11 · Documentation low

File: rolesanywhere/latest/userguide/vpc-interface-endpoints.md

Summary

Explicitly stated that CreateSession API access is allowed by default in VPC endpoint policies

Security assessment

Clarifies default permissions for a critical API method in VPC endpoint configurations, helping users understand access control requirements. This is a security documentation improvement but does not address a specific disclosed vulnerability.

Diff

diff --git a/rolesanywhere/latest/userguide/vpc-interface-endpoints.md b/rolesanywhere/latest/userguide/vpc-interface-endpoints.md
index 630c1be6e..59803e5d1 100644
--- a//rolesanywhere/latest/userguide/vpc-interface-endpoints.md
+++ b//rolesanywhere/latest/userguide/vpc-interface-endpoints.md
@@ -25 +25 @@ VPC endpoint policies are supported for IAM Roles Anywhere on all API methods ex
-By default, full access to IAM Roles Anywhere is allowed through the endpoint. For more information, see [Controlling access to services with VPC endpoints](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints-access.html) in the _Amazon VPC User Guide_.
+Full access to IAM Roles Anywhere is allowed through the endpoint by default, including `CreateSession`. For more information, see [Controlling access to services with VPC endpoints](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints-access.html) in the _Amazon VPC User Guide_.