AWS IAM Roles Anywhere
A couple of years back I wrote a post to share how to create an AWS instance profile for on-premise servers. That approach used the SSM agent and a Lambda function to manage the IAM credentials for the on-premise servers. Starting early this month, an AWS-native solution for such use cases is available: AWS IAM Roles Anywhere.
Simply put, IAM Roles Anywhere enables any person or server to assume an IAM role via a pair of certificates that are issued by the trusted private CA in ACM.
The basic steps are: