🔥 3-day streak
AWS Certified Solutions Architect - Associate33 / 150
Question 33 of 150
A company hires a third-party SaaS monitoring vendor that needs read-only access to CloudWatch metrics in the company's AWS account. The vendor will access the account programmatically from their own AWS account. The security team wants to grant this access without creating long-term IAM user credentials and wants to protect against the 'confused deputy' problem where the vendor could be tricked into accessing the wrong customer's account. What is the MOST secure way to configure this access?
Reviewed for accuracy · Report an issueNext question →