Answer-first summary for fast verification
Answer: Ensure that LambdaAuditRole has the sts:AssumeRole permission for AcmeAuditFactoryRole., Ensure that the trust policy for AcmeAuditFactoryRole allows the sts:AssumeRole action from LambdaAuditRole.
To resolve the AccessDenied error when calling the AssumeRole operation, two main steps need to be implemented: (1) Ensure that LambdaAuditRole has the sts:AssumeRole permission for AcmeAuditFactoryRole. This allows the Lambda function to assume the role in the other AWS account. (2) Ensure that the trust policy for AcmeAuditFactoryRole allows the sts:AssumeRole action from LambdaAuditRole. This allows AcmeAuditFactoryRole to be convinced that LambdaAuditRole is allowed to assume it.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
A security engineer is tasked with creating an AWS Lambda function that must utilize a role named LambdaAuditRole to assume another role named AcmeAuditFactoryRole in a separate AWS account. During execution, the Lambda function encounters an error: "An error occurred (AccessDenied) when calling the AssumeRole operation." To address this issue, which two of the following actions should the security engineer implement?
A
Ensure that LambdaAuditRole has the sts:AssumeRole permission for AcmeAuditFactoryRole.
B
Ensure that LambdaAuditRole has the AWSLambdaBasicExecutionRole managed policy attached.
C
Ensure that the trust policy for AcmeAuditFactoryRole allows the sts:AssumeRole action from LambdaAuditRole.
D
Ensure that the trust policy for LambdaAuditRole allows the sts:AssumeRole action from the lambda.amazonaws.com service.
E
Ensure that the sts:AssumeRole API call is being issued to the us-east-1 Region endpoint.
No comments yet.