Advanced AWS / Cloud Computing
Q93 / 100

How does "cross-account IAM role assumption" work, and what is the purpose of an "external ID" in this context?

The correct answer is A) A role in one account can define a trust policy letting a principal in another assume it via AssumeRole (STS), getting temporary credentials; an external ID is a shared secret the trusting account requires, preventing the "confused deputy" problem

Explanation

STS AssumeRole lets a trusted principal obtain temporary credentials for a role in another account; external IDs add an extra layer of verification, commonly used by SaaS providers to ensure they're only assuming roles intended for their specific customer relationship, mitigating confused-deputy attacks.
