AWS Security ChangesHomeSearch

AWS rolesanywhere documentation change

Service: rolesanywhere · 2025-10-19 · Documentation low

File: rolesanywhere/latest/userguide/trust-model.md

Summary

Added important note about AWS Private CA trust anchor validity period updates

Security assessment

Reinforces security best practices for certificate management but does not indicate a resolved security flaw.

Diff

diff --git a/rolesanywhere/latest/userguide/trust-model.md b/rolesanywhere/latest/userguide/trust-model.md
index 0830dd604..835d75797 100644
--- a//rolesanywhere/latest/userguide/trust-model.md
+++ b//rolesanywhere/latest/userguide/trust-model.md
@@ -89,0 +90,4 @@ Certificates used as trust anchors must satisfy the same requirements for signat
+###### Important
+
+For AWS Private CA trust anchors, only the validity period can be modified after creation. When the validity period changes, you must call UpdateTrustAnchor to register this change. IAM Roles Anywhere honors certificates based on the validity period found during the most recent TrustAnchor Create/Update event.
+