AWS IAM Roles Anywhere Trust Anchor Created with External CA

Elastic Detection Rules

Summary
This detection rule identifies the creation of an AWS IAM Roles Anywhere trust anchor that uses an external certificate authority, which may be unauthorized. AWS IAM Roles Anywhere is a feature that allows administrators to create profiles for secure access from various locations. Trust anchors backed by an external certificate authority, rather than one managed by AWS Certificate Manager Private Certificate Authority (ACM PCA), pose a risk because adversaries may use them to establish persistence in the environment. The rule helps identify such unauthorized activity and emphasizes the need to scrutinize any trust anchor created under these conditions. It includes thorough investigation steps, false positive analysis, and recommended responses to detected incidents.
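The check described above, as an added Python example that is not the Elastic rule's own query. The CloudTrail field layout (`requestParameters.source.sourceType`, `errorCode`) and the sample records are constructed assumptions based on the CloudTrail record format and the Roles Anywhere `CreateTrustAnchor` request.

```python
# Constructed CloudTrail-style records (not real logs). The field layout is an
# assumption based on the CloudTrail record format and CreateTrustAnchor request.
def _evt(eid, name, source=None, error=None):
    rec = {
        "eventID": eid,
        "eventSource": "rolesanywhere.amazonaws.com",
        "eventName": name,
        "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-admin"},
        "requestParameters": {"name": "anchor-" + eid},
    }
    if source is not None:
        rec["requestParameters"]["source"] = {"sourceType": source}
    if error is not None:
        rec["errorCode"] = error
    return rec

SAMPLE_EVENTS = [
    _evt("evt-1", "CreateTrustAnchor", "AWS_ACM_PCA"),
    _evt("evt-2", "CreateTrustAnchor", "CERTIFICATE_BUNDLE"),
    _evt("evt-3", "CreateTrustAnchor", "CERTIFICATE_BUNDLE", error="AccessDenied"),
    _evt("evt-4", "CreateProfile"),
    _evt("evt-5", "CreateTrustAnchor"),  # source block missing from the record
]

def is_external_ca_trust_anchor(record):
    """True for a successful CreateTrustAnchor whose source is not ACM PCA."""
    if record.get("eventSource") != "rolesanywhere.amazonaws.com":
        return False
    if record.get("eventName") != "CreateTrustAnchor":
        return False
    if record.get("errorCode"):  # failed calls created nothing
        return False
    source = (record.get("requestParameters") or {}).get("source") or {}
    # Fail closed: a missing or unrecognised source type is still reported.
    return source.get("sourceType") != "AWS_ACM_PCA"

def findings(records):
    """Summarise each matching record for triage: who created which anchor."""
    out = []
    for rec in filter(is_external_ca_trust_anchor, records):
        params = rec.get("requestParameters") or {}
        out.append({
            "event_id": rec.get("eventID"),
            "actor": (rec.get("userIdentity") or {}).get("arn"),
            "anchor": params.get("name"),
            "source_type": (params.get("source") or {}).get("sourceType", "UNKNOWN"),
        })
    return out
```

Calling `findings(SAMPLE_EVENTS)` reports the certificate-bundle anchor and the record with no source block, and skips the ACM PCA anchor, the failed call and the unrelated event.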
Categories
  • Cloud
  • AWS
  • Identity Management
Data Sources
  • Cloud Service
  • User Account
  • Application Log
ATT&CK Techniques
  • T1098
  • T1098.003
Created: 2024-04-20