Certified Security - Specialty

Sign Up Free or Log In to participate!

STS: Assume Role : Cross Account

It looks like the cross account doesn’t need to be a different account from the account the role is created.

I have a userA in account A,  and roleA in the same accountA, one can give assume role on roleA to userA using the different account (actually the same account) trust relationship.

Any comments?

1 Answers

This is correct. Definitely a path for privilege escalation if you don’t keep an eye on what account numbers are being added in the trust relationship policy

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?