coo.cuu
It looks like the cross account doesn’t need to be a different account from the account the role is created.
I have a userA in account A, and roleA in the same accountA, one can give assume role on roleA to userA using the different account (actually the same account) trust relationship.
Any comments?
1 Answers
anthony.barbieri
This is correct. Definitely a path for privilege escalation if you don’t keep an eye on what account numbers are being added in the trust relationship policy