🔥 3-day streak
AWS Certified Security - Specialty147 / 157
Question 147 of 157
A security engineer builds a cross-account automation tool that runs on an on-premises server. The tool calls sts:AssumeRole to obtain temporary credentials for a role in a target AWS account, then uses those credentials to call S3 APIs. Intermittently, calls fail with a SignatureDoesNotMatch error citing that the request timestamp is too far from the current time, and occasionally AssumeRole itself is rejected. The IAM policies and trust relationships have been verified as correct. What is the MOST likely root cause and the appropriate remediation?
Reviewed for accuracy · Report an issueNext question