The Accounting Department at Example Corp

The Accounting department at Example Corp. has made a decision to hire a third-party firm, AnyCompany, to monitor Example Corp.'s AWS account to help optimize costs. The Security Engineer for Example Corp. has been tasked with providing AnyCompany with access to the required Example Corp. AWS resources. The Engineer has created an IAM role and granted permission to AnyCompany's AWS account to assume this role. When customers contact AnyCompany, they provide their role ARN for validation. The Engineer is concerned that one of AnyCompany's other customers might deduce Example Corp.'s role ARN and potentially compromise the company's account. What steps should the Engineer perform to prevent this outcome?

A) Create an IAM user and generate a set of long-term credentials. Provide the credentials to AnyCompany. Monitor access in IAM access advisor and plan to rotate credentials on a recurring basis.
B) Request an external ID from AnyCompany and add a condition with sts:Externald to the role's trust policy. Request an external ID from AnyCompany and add a condition with sts:Externald to the role's trust policy.
C) Require two-factor authentication by adding a condition to the role's trust policy with aws:MultiFactorAuthPresent. Require two-factor authentication by adding a condition to the role's trust policy with aws:MultiFactorAuthPresent.
D) Request an IP range from AnyCompany and add a condition with aws:SourceIp to the role's trust policy. Request an IP range from AnyCompany and add a condition with aws:SourceIp

Correct Answer:

Verified

Unlock this answer now
Get Access to more Verified Answers free of charge

Access For Free