IAM Roles Anywhere adds VPC endpoint policy control
🔒 IAM Roles Anywhere now lets you include the CreateSession API in VPC endpoint policies, enabling explicit allow or deny controls for session creation through endpoints. If CreateSession isn't explicitly allowed (or you don't permit all operations, e.g., "rolesanywhere:*"), requests made via the VPC endpoint will not return temporary AWS credentials. This closes a prior gap and delivers consistent, fine‑grained access control across all IAM Roles Anywhere API operations, available in all regions including GovCloud, European Sovereign Cloud, and China.
