Our Blog

IAM Roles Anywhere now supports post-quantum digital certificates

Published
March 9, 2026
https://aws.amazon.com/about-aws/whats-new/2026/03/iam-roles-anywhere-post-quantum-digital-certificates

AWS IAM Roles Anywhere Now Supports FIPS 204 ML-DSA

AWS Identity and Access Management (IAM) Roles Anywhere now supports the FIPS 204 Module-Lattice Digital Signature Standard (ML-DSA), a quantum-resistant digital signature algorithm standardized by NIST to protect against quantum computing threats. This feature is particularly useful for customers authenticating workloads using X.509 certificates issued by certificate authorities.

IAM Roles Anywhere allows workloads outside of AWS to obtain temporary AWS credentials using X.509 certificates to access AWS resources. You can now use ML-DSA-signed CA certificates as IAM Roles Anywhere trust anchors and issue end entity certificates bound to ML-DSA keys.

What to do

  • Create a trust anchor using ML-DSA-signed CA certificates.
  • Issue end entity certificates bound to ML-DSA keys.
  • Establish trust between your AWS environment and your PKI.

This feature is available in all AWS Regions where IAM Roles Anywhere is available. To learn more, see the IAM Roles Anywhere User Guide.

Source: AWS release notes




If you need further guidance on AWS, our experts are available at AWS@westloop.io. You may also reach us by submitting the Contact Us form.

Follow our blog

Get the latest insights and advice on AWS services from our experts.

By clicking Sign Up you're confirming that you agree with our Terms and Conditions.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Related posts

Check out other insights from the team at West Loop Strategy.

View all
https://aws.amazon.com/about-aws/whats-new/2025/11/application-signals-ai-powered-synthetics/

Amazon CloudWatch Application Signals adds AI-powered Synthetics debugging

Amazon CloudWatch Application Signals Model Context Protocol or MCP Server for Application Performance Monitoring (APM) now integrates CloudWatch Synthetics canary monitoring directly into its audit framework, enabling automated, AI-powered debugging of synthetic monitoring failures
Read more
https://aws.amazon.com/about-aws/whats-new/2025/11/cloudwatch-database-insights-cross-account-region-monitoring

CloudWatch Database Insights adds cross-account cross-region monitoring

Amazon CloudWatch Database Insights now supports cross-account and cross-region database fleet monitoring, enabling centralized observability across your entire AWS database infrastructure
Read more
https://aws.amazon.com/about-aws/whats-new/2025/11/aws-iot-core-location-resolution-capabilities-amazon-sidewalk-enabled-devices

AWS IoT Core adds location resolution capabilities for Amazon Sidewalk enabled devices

AWS IoT Core Device Location announces location resolution capabilities for Internet of Things (IoT) devices connected to Amazon Sidewalk network, enabling developers to build asset tracking and geo-fencing applications more efficiently by eliminating the need for GPS hardware in low-power devices
Read more
View all