
Answer-first summary for fast verification
Answer: In the company's AWS account, create an IAM role that trusts the auditors' AWS account. Create an IAM policy that has the required permissions. Attach the policy to the role. Assign a unique external ID to the role's trust policy.
Answer B Explanation: Creating an IAM role that trusts the auditors' AWS account and assigning a unique external ID to the role's trust policy is the correct approach for several reasons:

1. **Security Best Practices**: This method aligns with AWS security best practices by leveraging IAM roles for cross-account access. It ensures that you do not need to share long-term credentials (such as access keys), as roles provide temporary security credentials.
2. **Cross-Account Access**: By creating an IAM role that trusts the auditors' AWS account, you establish a trust relationship that lets the auditors assume the role. This means that auditors can use their own AWS account to gain the necessary permissions in a controlled manner.
3. **Read-Only Access**: You can create an IAM policy with read-only permissions tailored to the auditors' needs and attach that policy to the role. This limits their access rights and follows the principle of least privilege.
4. **Unique External ID**: Assigning a unique external ID in the role's trust policy is a security measure that mitigates the risk of a confused deputy attack. It ensures that only the designated auditors from the specified AWS account can assume the role.

This setup provides a secure, temporary, and auditable way to grant the necessary read-only access to external auditors without compromising security best practices.
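To make the trust-policy mechanics concrete, here is an added example (not from the original question or from AWS) that builds the role's trust policy with an `sts:ExternalId` condition, a read-only permissions policy, and a simplified evaluator showing why a caller from the auditors' account is refused unless it also presents the agreed external ID. The account IDs, external ID and action list are constructed placeholders, and the evaluator is a teaching model, not AWS's policy engine.

```python
import json
from typing import Optional

COMPANY_ACCOUNT = "111111111111"      # constructed placeholder
AUDITOR_ACCOUNT = "222222222222"      # constructed placeholder
EXTERNAL_ID = "audit-fy24-7f3c9a"     # constructed; use a random secret in practice


def trust_policy(auditor_account: str, external_id: str) -> dict:
    """Trust policy: only principals in the auditors' account that also
    present the agreed external ID may call sts:AssumeRole."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{auditor_account}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


def read_only_policy() -> dict:
    """Permissions policy attached to the role: read-only actions only
    (constructed action list; scope it to what the audit actually needs)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket",
                       "cloudtrail:LookupEvents", "iam:Get*", "iam:List*"],
            "Resource": "*",
        }],
    }


def assume_role_allowed(policy: dict, caller_account: str,
                        external_id: Optional[str]) -> bool:
    """Simplified model of trust-policy evaluation: the caller's account must
    match the principal and every sts:ExternalId condition must be satisfied."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow" or stmt["Action"] != "sts:AssumeRole":
            continue
        principal_account = stmt["Principal"]["AWS"].split(":")[4]
        if principal_account != caller_account:
            continue
        required = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if required is not None and external_id != required:
            continue  # confused-deputy guard: right account, wrong/missing external ID
        return True
    return False


if __name__ == "__main__":
    print(json.dumps(trust_policy(AUDITOR_ACCOUNT, EXTERNAL_ID), indent=2))
```

Running the module prints the trust policy document that would be attached to the role in the company's account; the auditors then call `sts:AssumeRole` from their own account passing the same external ID.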
Author: LeetQuiz Editorial Team
A company is subject to regulatory audits of its financial information. External auditors who use a single AWS account need access to the company's AWS account. A solutions architect must provide the auditors with secure, read-only access to the company's AWS account. The solution must comply with AWS security best practices. Which solution will meet these requirements?
A
In the company's AWS account, create resource policies for all resources in the account to grant access to the auditors' AWS account. Assign a unique external ID to the resource policy.
B
In the company's AWS account, create an IAM role that trusts the auditors' AWS account. Create an IAM policy that has the required permissions. Attach the policy to the role. Assign a unique external ID to the role's trust policy.
C
In the company's AWS account, create an IAM user. Attach the required IAM policies to the IAM user. Create API access keys for the IAM user. Share the access keys with the auditors.
D
In the company's AWS account, create an IAM group that has the required permissions. Create an IAM user in the company's account for each auditor. Add the IAM users to the IAM group.