Zone of trust = accounts, organizations that you own

Outside Zone of Trust = third parties

For granting access to a third party

• The third party AWS account ID
• External ID(secret between you and the third party)
  • To unique associate with the role between you and third party
  • Must be provided when defining the trust and when assuming the role
  • Must be chosen by the third party
• Define permissions in the IAM policy

The confused deputy