You want to allow a Lambda function in account A to assume a role in account B. What must the trust policy in account B include?

Hard · Application · Q9 of 15
AWS - Identity and Access Management
A. Principal with AWS service "lambda.amazonaws.com" only
B. Principal with IAM user ARN from account A
C. Principal with Lambda execution role ARN from account A
D. Principal with EC2 service ARN
Step-by-Step Solution
Solution:
  1. Step 1: Understand cross-account trust

    The trust policy must specify the Lambda execution role ARN from account A as Principal to allow the Lambda function to assume the role.
  2. Step 2: Evaluate options

    Option C (Principal with Lambda execution role ARN from account A) correctly specifies the Lambda execution role ARN. Option A (Principal with AWS service "lambda.amazonaws.com" only) trusts the Lambda service as a whole, but does not grant cross-account trust. Option B (Principal with IAM user ARN from account A) trusts a user, not the Lambda function. Option D (Principal with EC2 service ARN) trusts EC2, which is unrelated.
  3. Final Answer:

    Principal with Lambda execution role ARN from account A -> Option C
  4. Quick Check:

    Cross-account trust requires specific Principal ARN [OK]
Quick Trick: Cross-account roles need exact Principal ARN of caller [OK]
Common Mistakes:
  • Using service name only for cross-account
  • Trusting wrong entity type
  • Ignoring account ID in ARN
