Cross-account role trust policies should trust AWS accounts, not roles

What does trusting a principal protect against?

  1. Access to a principal in the source account (other than the source role)
  2. The principal does not have AssumeRole with resource * (never do that!)
  3. Access to change that principal’s policy to allow AssumeRole on the destination role. Note this likely implies the ability to allow AssumeRole on the source role in the same account.
  4. The source role’s trust policy does not allow this principal to assume it.
  5. The principal cannot change the source role’s trust policy.
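The checks behind the list above, as an added example that is not from the article: a small linter that flags a trust policy naming a specific role instead of an account root, and an identity policy granting sts:AssumeRole on Resource `*` (item 2). The sample policy documents and the 111111111111 account id are constructed for this example.

```python
import json
import re

# Constructed sample documents, written for this example (not from the article).
ROLE_TRUST = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": "arn:aws:iam::111111111111:role/Deployer"}}]})
ACCOUNT_TRUST = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": "arn:aws:iam::111111111111:root"}}]})
WIDE_ASSUME = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": ["sts:AssumeRole"], "Resource": "*"}]})

ROLE_ARN = re.compile(r"^arn:aws:iam::\d{12}:role/")
ACCOUNT_ROOT = re.compile(r"^(arn:aws:iam::\d{12}:root|\d{12})$")


def _as_list(value):
    """IAM accepts a string or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _allows_assume_role(stmt):
    actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
    return stmt.get("Effect") == "Allow" and bool(
        actions & {"sts:assumerole", "sts:*", "*"})


def trust_policy_findings(doc):
    """Findings for a role's trust policy: flag AWS principals that name a
    specific role rather than an account root. An 'AROA...' unique id is what
    remains in a trust policy after the trusted role was deleted."""
    findings = []
    for stmt in _as_list(json.loads(doc)["Statement"]):
        if not _allows_assume_role(stmt):
            continue
        principal = stmt.get("Principal", {})
        aws = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else ["*"]
        for p in aws:
            if ROLE_ARN.match(p) or p.startswith("AROA"):
                findings.append(f"trusts role principal {p}; trust the account instead")
            elif not ACCOUNT_ROOT.match(p):
                findings.append(f"principal {p} is not an account root")
    return findings


def assume_role_wildcard_findings(doc):
    """Findings for an identity policy in the source account: sts:AssumeRole
    on Resource '*' lets the principal assume any role that trusts the account."""
    return ["sts:AssumeRole allowed on Resource *"
            for stmt in _as_list(json.loads(doc)["Statement"])
            if _allows_assume_role(stmt) and "*" in _as_list(stmt.get("Resource", []))]
```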

Narrowly-scoped trust policies can be misleading

When trusting a principal is okay




Ben Kehoe, Cloud Robotics Research Scientist at @iRobot