A security engineer is tasked with creating an AWS Lambda function that must utilize a role named LambdaAuditRole to assume another role named AcmeAuditFactoryRole in a separate AWS account. During execution, the Lambda function encounters an error: "An error occurred (AccessDenied) when calling the AssumeRole operation." To address this issue, which two of the following actions should the security engineer implement?
Explanation:
To resolve the AccessDenied error when calling the AssumeRole operation, two main steps need to be implemented: (1) Ensure that LambdaAuditRole has the sts:AssumeRole permission for AcmeAuditFactoryRole. This allows the Lambda function to request the role in the other AWS account. (2) Ensure that the trust policy for AcmeAuditFactoryRole allows the sts:AssumeRole action from LambdaAuditRole. The trust policy is how AcmeAuditFactoryRole designates LambdaAuditRole as a principal that is allowed to assume it.
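The two policies described above, with a small offline check that reports which half is missing. This is an added example, not part of the original question: the account IDs are constructed placeholders, and the checker is a simplification that matches exact ARNs only and ignores wildcards, conditions, explicit denies and organization-level controls.

```python
# Added example; account IDs 111111111111 / 222222222222 are constructed placeholders.
LAMBDA_ROLE = "arn:aws:iam::111111111111:role/LambdaAuditRole"
TARGET_ROLE = "arn:aws:iam::222222222222:role/AcmeAuditFactoryRole"

# (1) Identity-based policy attached to LambdaAuditRole in the calling account.
identity_policy = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Action": "sts:AssumeRole",
                   "Resource": TARGET_ROLE}],
}

# (2) Trust policy on AcmeAuditFactoryRole in the other account.
trust_policy = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Principal": {"AWS": LAMBDA_ROLE},
                   "Action": "sts:AssumeRole"}],
}

def _as_list(value):
    """IAM allows a single string or a list in most fields; normalize to a list."""
    return value if isinstance(value, list) else [value]

def _allows(policy, match):
    """True if any Allow statement for sts:AssumeRole satisfies match(stmt)."""
    for stmt in _as_list(policy.get("Statement", [])):
        if (stmt.get("Effect") == "Allow"
                and "sts:AssumeRole" in _as_list(stmt.get("Action", []))
                and match(stmt)):
            return True
    return False

def _trusts(stmt, caller):
    """True if the statement's Principal names the caller ARN exactly."""
    principal = stmt.get("Principal")
    return isinstance(principal, dict) and caller in _as_list(principal.get("AWS", []))

def diagnose(identity, trust, caller=LAMBDA_ROLE, target=TARGET_ROLE):
    """Return the missing halves of the cross-account setup; empty means both allow."""
    missing = []
    if not _allows(identity, lambda s: target in _as_list(s.get("Resource", []))):
        missing.append("identity policy on caller lacks sts:AssumeRole for target")
    if not _allows(trust, lambda s: _trusts(s, caller)):
        missing.append("trust policy on target does not name caller as principal")
    return missing

if __name__ == "__main__":
    print(diagnose(identity_policy, trust_policy) or "both sides allow AssumeRole")
```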