Welcome - IAM Roles Anywhere
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).


Amazon Identity and Access Management Roles Anywhere provides a secure way for your workloads such as servers, containers, and applications that run outside of Amazon to obtain temporary Amazon credentials. Your workloads can use the same IAM policies and roles you have for native Amazon applications to access Amazon resources. Using IAM Roles Anywhere eliminates the need to manage long-term credentials for workloads running outside of Amazon.

To use IAM Roles Anywhere, your workloads must use X.509 certificates issued by their certificate authority (CA). You register the CA with IAM Roles Anywhere as a trust anchor to establish trust between your public key infrastructure (PKI) and IAM Roles Anywhere. If you don't manage your own PKI system, you can use Amazon Private Certificate Authority to create a CA and then use that to establish trust with IAM Roles Anywhere.


Amazon Private Certificate Authority is not supported in your region. It cannot be used to establish trust.

This guide describes the IAM Roles Anywhere operations that you can call programmatically. For more information about IAM Roles Anywhere, see the IAM Roles Anywhere User Guide.

This document was last published on June 17, 2024.