🔥 3-day streak
AWS Certified SysOps Administrator - Associate95 / 150
Question 95 of 150

A SysOps administrator is configuring an IAM role that a third-party SaaS monitoring vendor will assume to read CloudWatch metrics in the company's AWS account. The vendor manages a single AWS account that they use to access many of their customers' accounts. The security team is concerned that another of the vendor's customers could trick the vendor into accessing this company's account. Which configuration best mitigates this confused deputy risk?

Reviewed for accuracy · Report an issueNext question