
Answer-first summary for fast verification
Answer: Update the trust policy on the role in the target account to be:
The correct answer is B. For a user to assume a role in a different AWS account, the trust policy of the IAM role in the target account must allow the role in the identity account to assume it. Here, the trust policy of JobFunctionRole in the target account (123456789123) must specify IdentityRole in the identity account (987654321987) as a trusted principal. Updating that trust policy accordingly enables the user to assume the appropriate role in the target account.
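The trust relationship described above, as an added example that is not part of the original question or its answer options: a trust policy for JobFunctionRole that names IdentityRole as the principal, next to a simplified check of whether a trust policy names a given role. The role ARN is assembled from the account ID and role name in the question; `BROKEN_POLICY` and `trust_policy_names` are constructed for illustration, and the check ignores `Condition`, `Deny` and wildcard handling.

```python
# Added example: hypothetical helper, not AWS's policy evaluation logic.
IDENTITY_ROLE_ARN = "arn:aws:iam::987654321987:role/IdentityRole"

# Trust policy to attach to JobFunctionRole in the target account (123456789123).
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": IDENTITY_ROLE_ARN},
        "Action": "sts:AssumeRole",
    }],
}

# Constructed misconfiguration: the role trusts only the EC2 service, so no
# principal from the identity account can assume it.
BROKEN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "ec2.amazonaws.com"},
        "Action": "sts:AssumeRole",
    }],
}

def _as_list(value):
    """IAM JSON allows a single value or a list in most fields."""
    return value if isinstance(value, list) else [value]

def trust_policy_names(policy, role_arn):
    """True if an Allow statement for sts:AssumeRole names role_arn, its
    account root ARN, or its bare account ID as an AWS principal."""
    account_id = role_arn.split(":")[4]
    accepted = {role_arn, f"arn:aws:iam::{account_id}:root", account_id}
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRole" not in _as_list(stmt.get("Action", [])):
            continue
        principal = stmt.get("Principal", {})
        if isinstance(principal, dict) and accepted & set(_as_list(principal.get("AWS", []))):
            return True
    return False

if __name__ == "__main__":
    print("fixed policy trusts IdentityRole:", trust_policy_names(TRUST_POLICY, IDENTITY_ROLE_ARN))
    print("broken policy trusts IdentityRole:", trust_policy_names(BROKEN_POLICY, IDENTITY_ROLE_ARN))
```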
Author: LeetQuiz Editorial Team
A company employs identity federation to authenticate users into an identity account (987654321987), where they assume an IAM role named IdentityRole. Subsequently, users attempt to assume an IAM role named JobFunctionRole in the target AWS account (123456789123) to fulfill their job responsibilities. However, a user encounters an issue and is unable to assume the IAM role in the target account. What corrective action should be taken to facilitate the user's ability to assume the appropriate role in the target account?
A. Update the IAM policy attached to the role in the identity account to be:
B. Update the trust policy on the role in the target account to be:
C. Update the trust policy on the role in the identity account to be:
D. Update the IAM policy attached to the role in the target account to be: