Ensure a support role has been created to manage incidents with AWS Support

MEDIUM

Description

Description:

AWS provides a support center that can be used for incident notification and response, as well as technical support and customer services. Create an IAM Role to allow authorized users to manage incidents with AWS Support.

Rationale:

By implementing least privilege for access control, an IAM Role will require an appropriate IAM Policy to allow Support Center Access in order to manage Incidents with AWS Support.

Remediation

From Command Line:

Create an IAM role for managing incidents with AWS:

Create a trust relationship policy document that allows to manage AWS incidents, and save it locally as /tmp/TrustPolicy.json:

{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": ""
},
"Action": "sts:AssumeRole"
}
]
}

Create the IAM role using the above trust policy:

aws iam create-role --role-name --assume-role-policy-document file:///tmp/TrustPolicy.json

Attach 'AWSSupportAccess' managed policy to the created IAM role:

aws iam attach-role-policy --policy-arn arn:aws:iam::aws:policy/AWSSupportAccess --role-name
.

Policy Details

Rule Reference ID: AC_AWS_0553

CSP: AWS

Remediation Available: No

Domain: Identity and Access Management

Resource: aws_iam_role_policy_attachment

Resource Category: Identity and Access Management (IAM)

Resource Type: Policy

Frameworks

CIS Amazon Web Services Foundations v1.3.0 Level 1
CIS Amazon Web Services Foundations v1.4.0 Level 1

Detections

Analytics