AI Agent Governance: Auditing an Over-Privileged Agent

Question

Hi, i solved every Task exept 16i reviewed&nbsp;&nbsp;metrolio-finance-agent-rolemetrolio-finance-lambda-roleand the Trust relationshipIdont know what to do, i cant edit the trust policy either.&nbsp;While reviewing the execution role in the IAM console, examine the role's configuration. Check the Trust relationships&nbsp;tab and review which services are permitted to assume this role.Now consider: if Metrolio deployed additional Bedrock agents for other departments (HR, customer service, procurement), and each agent assumed this same execution role, what would happen? This means:Compromising one agent's permissions exposes the permissions of all agents sharing the role.AWS CloudTrail records the shared role ARN as the actor for every action – you can't determine which agent performed a specific action.Non-repudiation is destroyed.

schmitty · Answer

The lab will automatically detect when you complete this task.

s1m0n07 · Answer

I believe it is a bug with the lab, as it does not specify what action to perform. I raised a case with the Immersive on this.

Forum Discussion

AI Agent Governance: Auditing an Over-Privileged Agent

2 Replies

Featured Places

Help

Related Content

Proving Cyber Readiness in an Era of Greater Government Accountability

Kubernetes: Native Logging

New CTI Lab: CVE-2025-9074 (Docker Container Escape): Defensive

Re: Introductions

New CTI Labs: CVE-2025-53770 (ToolShell SharePoint RCE): Offensive and Defensive

Recent Discussions

AI Agent Governance: Auditing an Over-Privileged Agent

Templates do not add systems

AI: Plugin Injection - Demonstrate Your Skills

Ransomware: LockBit

Sign up Code