This repo has Terraform code to create an AWS Private CA with a S3 bucket, an AWS RolesAnywhere Trust Anchor and a Profile and an IAM Role with AmazonS3ReadOnlyAccess policy.
Check the variables in terraform.tfvar and change them to suit you.
NOTE: AWS Private CA costs 300e ($400) a month. Only first one is free for 30 days. If you create one, then delete it, and then create new one, you will be charged.
Plan first
terraform plan -out tf.planIf all looks good, then apply the plan
terraform apply tf.planAnd to remove all services and configs
terraform destroyThis is for an article on How to use AWS Roles Anywhere