AWS cross-account TL;DR: Trust-policy ExternalId, wildcard principals, RAM-shared resources as a pivot vector. Stub — to be filled in. What it is TODO Preconditions / where it applies TODO Technique TODO Detection and defence TODO References TODO