Securely Access AWS APIs with IAM Roles Anywhere

When you're building applications that run outside AWS, but still need access to AWS services, you need AWS credentials. In years past, you could generate static, long-lived credentials by using an IAM User. However, long-lived credentials are a malicious attacker's best friend. In 2022, AWS released a new IAM feature called IAM Roles Anywhere. The idea behind this service is that you can establish a trust relationship between an application, running outside of AWS, and an IAM Role with limited permissions to AWS services. IAM Roles use short-lived credentials that automatically rotate. These short-lived credentials can be retrieved by authenticating your application with a secure X.509 client certificate instead. In this video, we'll explore how to configure the AWS IAM Roles Anywhere service, so that you can securely run business applications, that need to call AWS APIs, in your own data centers, or on alternative cloud platforms.