IAM Roles Anywhere: VPC Endpoint Policies Now Enforce CreateSession API

AI Impact Summary

IAM Roles Anywhere has expanded its VPC endpoint policy enforcement to include the CreateSession API. Previously, these policies only applied to other API operations, creating a security gap. Now, you must explicitly define Allow statements in your VPC endpoint policies to permit CreateSession operations, or all rolesanywhere API calls will be denied. This change impacts any workload using the CreateSession API to obtain temporary credentials via X.509 certificates, requiring immediate review and adjustment of your VPC configurations.