AWS IAM role with external cross-account trust relationship does not use an external ID

Description

To reduce the risk of confused deputy attacks, external vendors should use an external ID when assuming a role in your AWS account.

Rationale

The use of external IDs mitigates the risk of confused deputy attacks.

Remediation

Ensure all external identities use an external ID when assuming a role in your AWS account.
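
One way to audit a role's trust policy for this condition, as an added example (not this rule's own detection logic). It assumes the trust policy is already loaded as a Python dict and that only a `StringEquals` condition on `sts:ExternalId` counts as a requirement; the account IDs, the external ID value, and the function names are constructed placeholders.

```python
import re

def _as_list(value):
    return [] if value is None else value if isinstance(value, list) else [value]

def _external_principals(principal, own_account):
    """AWS principals in a statement that are outside own_account (or '*')."""
    if principal == "*":
        return ["*"]
    aws = principal.get("AWS") if isinstance(principal, dict) else None
    found = []
    for p in _as_list(aws):
        m = re.fullmatch(r"(?:arn:aws[\w-]*:iam::)?(\d{12})(?::.+)?", p)
        if p == "*" or (m and m.group(1) != own_account):
            found.append(p)
    return found

def _requires_external_id(stmt):
    """True if the statement pins sts:ExternalId with StringEquals."""
    pinned = stmt.get("Condition", {}).get("StringEquals", {})
    return any(k.lower() == "sts:externalid" and any(_as_list(v))
               for k, v in pinned.items())

def find_missing_external_id(trust_policy, own_account):
    """Allow statements letting another account assume the role with no external ID."""
    findings = []
    for stmt in _as_list(trust_policy.get("Statement")):
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        if stmt.get("Effect") != "Allow" or not any(
                a in ("sts:assumerole", "sts:*", "*") for a in actions):
            continue
        external = _external_principals(stmt.get("Principal"), own_account)
        if external and not _requires_external_id(stmt):
            findings.append({"sid": stmt.get("Sid"), "principals": external})
    return findings

# Constructed sample data: account IDs and the external ID are placeholders.
OWN = "111111111111"
VENDOR = {"AWS": "arn:aws:iam::222222222222:root"}
WEAK = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Vendor", "Effect": "Allow", "Principal": VENDOR,
     "Action": "sts:AssumeRole"}]}
FIXED = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Vendor", "Effect": "Allow", "Principal": VENDOR,
     "Action": "sts:AssumeRole",
     "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}}}]}

for name, policy in (("WEAK", WEAK), ("FIXED", FIXED)):
    print(name, find_missing_external_id(policy, OWN))
```

`FIXED` is the remediated form of `WEAK`: the same vendor principal, with the external ID required as a condition of `sts:AssumeRole`.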