Use case description
Currently the default IAM role template allows "lambda.amazonaws.com" to Assume STS Role without any restrictions. For security purposes, it would be a good idea to add a condition to this trust relationship that the source account matches the AWS Account ID that the role is deployed in.
Proposed solution (optional)
PR for this incoming soon
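An added example, not part of the original issue or the project's code: a check that flags a trust policy letting lambda.amazonaws.com assume the role without a source-account restriction, and a helper that adds one. It assumes the restriction is expressed as a StringEquals condition on the aws:SourceAccount global condition key; the function names, the account ID and the sample policy are constructed for illustration and are not the project's actual template.

```python
import json

LAMBDA_PRINCIPAL = "lambda.amazonaws.com"
ACCOUNT_ID = "123456789012"  # constructed placeholder account ID
# Constructed sample trust policy with no Condition (not the project's real template).
DEFAULT_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": ["lambda.amazonaws.com"]},
    "Action": ["sts:AssumeRole"]}]}

def _as_list(value):
    """IAM accepts a single value or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _pins_account(stmt, account_id):
    """True if a StringEquals condition limits aws:SourceAccount to account_id only."""
    for operator, keys in stmt.get("Condition", {}).items():
        if operator.lower() != "stringequals":
            continue
        for key, value in keys.items():  # condition key names are case-insensitive
            if key.lower() == "aws:sourceaccount" and _as_list(value) == [account_id]:
                return True
    return False

def unrestricted_lambda_trust(policy, account_id):
    """Indexes of Allow statements that trust Lambda without pinning the source account."""
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        principal = stmt.get("Principal", {})
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if (stmt.get("Effect") == "Allow"
                and any(a in ("sts:assumerole", "sts:*", "*") for a in actions)
                and LAMBDA_PRINCIPAL in services
                and not _pins_account(stmt, account_id)):
            findings.append(index)
    return findings

def harden(policy, account_id):
    """Return a copy with the source-account condition added to every flagged statement."""
    hardened = json.loads(json.dumps(policy))  # deep copy; the input is left untouched
    hardened["Statement"] = _as_list(hardened.get("Statement"))
    for index in unrestricted_lambda_trust(hardened, account_id):
        condition = hardened["Statement"][index].setdefault("Condition", {})
        condition.setdefault("StringEquals", {})["aws:SourceAccount"] = account_id
    return hardened
```

Running unrestricted_lambda_trust over the rendered role template in CI, with the deployment account ID as the second argument, catches a regression to the unconditioned trust relationship.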