IAM Cross-Account Access and Audit
Build cross-account IAM access patterns with trust policies, permission boundaries, role assumption testing, and CloudWatch audit dashboards fed by CloudTrail -- the SAP-C02 identity federation and access analysis pattern essential for Domain 3 (Design Secure Architectures).

Lab Overview
Implement a complete cross-account IAM access architecture following AWS security best practices. Create IAM roles whose cross-account trust policies require an ExternalId condition (the standard defence against the confused deputy problem when a third party assumes your role), implement permission boundaries that cap what a role can do even when its identity policy grants admin-level access, test role assumption patterns including both the allowed scenario and the denied scenarios (missing or wrong ExternalId, untrusted account), and build CloudWatch alarms and dashboards to audit AssumeRole activity recorded in CloudTrail. Validate the full pipeline -- the identity federation and access audit pattern essential for SAP-C02 Domain 3.
What You'll Learn
Create IAM roles with cross-account trust policies and ExternalId conditions
Implement permission boundaries that constrain role permissions
Test STS role assumption with proper and denied scenarios
Audit access patterns using CloudTrail event lookup (LookupEvents) and CloudWatch dashboards
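The four steps above fit together as one pipeline: a trust policy with an ExternalId condition, a permission boundary, and a set of assume-role checks that should pass or fail. The script below is an added example, not part of the lab or of AWS tooling: it builds the two policy documents and runs a deliberately simplified model of the IAM decision against them, so the allowed/denied matrix can be checked offline before anything is created in an account. The account IDs, role name and ExternalId are constructed placeholders, and the evaluator covers only the features the lab uses (Allow/Deny statements, action wildcards, a StringEquals condition on sts:ExternalId); it is not a full IAM policy engine.

```python
"""Cross-account trust policy, permission boundary and a simplified
AssumeRole / effective-permission evaluator (added example, not lab code)."""
import fnmatch
import json
from typing import Optional

# Constructed placeholders, not real accounts.
TRUSTED_ACCOUNT = "111111111111"      # account that will call sts:AssumeRole
TARGET_ACCOUNT = "222222222222"       # account that owns the role
EXTERNAL_ID = "lab-external-id-42"    # shared secret against the confused deputy
ROLE_NAME = "CrossAccountAuditRole"   # hypothetical role name

# Identity policy equivalent to AdministratorAccess, used to show that the
# boundary caps it.
ADMIN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}


def trust_policy(trusted_account: str, external_id: str) -> dict:
    """Trust policy: the trusted account may assume the role only when the
    AssumeRole call carries the agreed ExternalId."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{trusted_account}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


def permission_boundary() -> dict:
    """Boundary that caps the role at read-only S3 regardless of its
    identity policies."""
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow",
                       "Action": ["s3:Get*", "s3:List*"],
                       "Resource": "*"}],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def can_assume(policy: dict, caller_account: str,
               external_id: Optional[str]) -> bool:
    """Simplified AssumeRole decision: the caller's account root must appear
    as a Principal in an Allow statement for sts:AssumeRole, and every
    StringEquals condition on sts:ExternalId must hold. A missing
    ExternalId fails the condition, which is the confused-deputy check."""
    caller_root = f"arn:aws:iam::{caller_account}:root"
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        if "sts:AssumeRole" not in _as_list(stmt["Action"]):
            continue
        if caller_root not in _as_list(stmt["Principal"].get("AWS", [])):
            continue
        expected = (stmt.get("Condition", {})
                        .get("StringEquals", {})
                        .get("sts:ExternalId"))
        if expected is not None and external_id != expected:
            continue
        return True
    return False


def _policy_allows(policy: dict, action: str) -> bool:
    """True when an Allow statement matches the action and no Deny does."""
    allowed = False
    for stmt in policy["Statement"]:
        if any(fnmatch.fnmatchcase(action, p) for p in _as_list(stmt["Action"])):
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed


def effective_allow(identity_policy: dict, boundary: dict, action: str) -> bool:
    """A permission boundary never grants anything by itself; the effective
    permission is the intersection of identity policy and boundary."""
    return _policy_allows(identity_policy, action) and _policy_allows(boundary, action)


if __name__ == "__main__":
    tp = trust_policy(TRUSTED_ACCOUNT, EXTERNAL_ID)
    print(json.dumps(tp, indent=2))
    print("trusted + correct ExternalId:", can_assume(tp, TRUSTED_ACCOUNT, EXTERNAL_ID))
    print("trusted, no ExternalId:      ", can_assume(tp, TRUSTED_ACCOUNT, None))
    print("untrusted account:           ", can_assume(tp, "333333333333", EXTERNAL_ID))
    for action in ("s3:GetObject", "s3:PutObject", "iam:CreateUser"):
        print(f"admin policy + boundary -> {action}:",
              effective_allow(ADMIN_POLICY, permission_boundary(), action))
```

To apply the same documents in a real account, the trust policy goes to `aws iam create-role --assume-role-policy-document`, the boundary is attached with `aws iam put-role-permissions-boundary`, the positive and negative tests are `aws sts assume-role --role-arn ... --role-session-name ... --external-id ...` with and without the `--external-id` flag, and the resulting AssumeRole events are pulled with `aws cloudtrail lookup-events --lookup-attributes AttributeKey=EventName,AttributeValue=AssumeRole`. The denied calls still produce CloudTrail events with an error code, which is exactly what the audit dashboard should surface.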
Prerequisites
Understanding of AWS IAM roles, policies, and trust relationships
Familiarity with STS AssumeRole operation
Basic knowledge of CloudTrail and CloudWatch
Comfortable with AWS CLI