🔥 3-day streak
AWS Certified Security - Specialty165 / 184
Question 165 of 184
A SaaS monitoring vendor needs read-only access to metrics in your AWS account. The vendor instructs you to create an IAM role that trusts the vendor's AWS account ID so their service can call sts:AssumeRole into your account. Your security team is concerned that another customer of the same vendor could trick the vendor's service into accessing your account. Which configuration best mitigates this confused deputy risk while allowing the vendor's access?
Reviewed for accuracy · Report an issueNext question