Ensure there is an active Amazon IAM Support Role created for your AWS account. A Support Role is an IAM role configured to allow authorized users to manage incidents with AWS Support.
This rule can help you with the following compliance standards:
- CISAWSF
- APRA
- MAS
- NIST4
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Implementing the Principle of Least Privilege (POLP) by giving the IAM Support Role the minimal set of actions required to perform successfully the desired task (i.e. manage incidents) is very important because only the IAM user that will assume the Support Role will be able to access the AWS Support Center and no one else.
Audit
To check your AWS cloud account for the IAM Support Role, perform the following actions:
Remediation / Resolution
To create an Amazon IAM Support Role and configure the role to allow only authorized users to manage incidents with AWS Support, perform the following actions:
Note: Creating and configuring an IAM Support Role using AWS Management Console is not currently supported.References
- AWS Documentation
- IAM Best Practices
- IAM Roles
- Creating a Role to Delegate Permissions to an IAM User
- IAM Users
- Creating an IAM User in Your AWS Account
- Managed Policies and Inline Policies
- AWS Command Line Interface (CLI) Documentation
- iam
- list-policies
- list-entities-for-policy
- create-user
- create-role
- attach-role-policy