I have a fully working example in my blog, which demonstrates it with a CA you create using openssl, and a step-by-step for everything.
Ah, now I understand what you mean. The answer is found here: https://aws.amazon.com/blogs/security/extend-aws-iam-roles-to-workloads-outside-of-aws-with-iam-roles-anywhere/
Specifically: "Your application makes an authentication request to IAM Roles Anywhere, sending along its public key (encoded in a certificate) and a signature signed by the corresponding private key. Your application also specifies the role to assume in the request. When IAM Roles Anywhere receives the request, it first validates the signature with the public key, then it validates that the certificate was issued by a trust anchor previously configured in the account. For more details, see the signature validation documentation."
Hope this helps.
One thing to add: AWS mentioned the words "CA bundle", and I believe they meant the root CA certificate + any intermediate CA certificate or certificates, all concatenated and BASE64 encoded in one file. This is mentioned here: https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaImportCaCert.html
I am not 100% sure if this was your issue, but if the trust anchor is not set up properly, obviously nothing will work. Please let me know if this actually works.
If you try with a real PKI infra, I think it might be easier to set up versus Let's Encrypt, as it will have a domain configured, and all the appropriate CA chain.
I read yesterday that ACM can be tried out for 30 days for free, so that would make things easier for you to implement and try out: https://aws.amazon.com/certificate-manager/pricing/
--private-key is your own private-key.pem file (it won't be sent to AWS).
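The two checks named in the AWS blog passage quoted above (signature against the certificate's public key, then issuer against the trust anchor) can be reproduced locally with openssl. This is an added example, not code from the thread or from AWS; the CA, subject names, file layout and function names are constructed, and the signed "request" is a plain file, not the real Roles Anywhere request format.

```bash
#!/usr/bin/env bash
# Added illustration: the throwaway CA, certificate and "request" are constructed.

# Create a self-signed root CA (the trust anchor) and a certificate it issues.
make_pki() {
  local dir=$1
  mkdir -p "$dir"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Root CA" \
    -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=example-workload" \
    -keyout "$dir/private-key.pem" -out "$dir/client.csr" 2>/dev/null
  openssl x509 -req -in "$dir/client.csr" -days 1 -CA "$dir/ca.pem" \
    -CAkey "$dir/ca.key" -CAcreateserial -out "$dir/certificate.pem" 2>/dev/null
}

# Client side: sign the request with the private key, which stays on the host.
sign_request() {  # usage: sign_request <private-key.pem> <request-file>
  openssl dgst -sha256 -sign "$1" -out "$2.sig" "$2"
}

# Verifier side: the two checks, in the order the quoted passage gives them.
verify_request() {  # usage: verify_request <anchor.pem> <certificate.pem> <request-file>
  local anchor=$1 cert=$2 req=$3 pub
  pub=$(mktemp)
  openssl x509 -in "$cert" -pubkey -noout > "$pub"
  # Check 1: the signature verifies under the public key carried in the certificate.
  if ! openssl dgst -sha256 -verify "$pub" -signature "$req.sig" "$req" >/dev/null 2>&1; then
    rm -f "$pub"; echo "bad-signature"; return 1
  fi
  rm -f "$pub"
  # Check 2: the certificate chains to the configured trust anchor.
  if ! openssl verify -CAfile "$anchor" "$cert" >/dev/null 2>&1; then
    echo "untrusted-issuer"; return 1
  fi
  echo "ok"
}

demo() {
  local d; d=$(mktemp -d)
  make_pki "$d/mine"
  printf 'role=example-role\n' > "$d/request.txt"
  sign_request "$d/mine/private-key.pem" "$d/request.txt"
  verify_request "$d/mine/ca.pem" "$d/mine/certificate.pem" "$d/request.txt"
  rm -rf "$d"
}
demo
```

If the second check fails while the first passes, the certificate is intact but the trust anchor (CA bundle) does not contain its issuer.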