AWS Support Center Not Available to IAM Users
Overview
The AWS managed policy 'AWSSupportAccess' is not attached to any IAM user, group, or role in your AWS account. The CIS Benchmarks for AWS require that a support role exists with access to the AWS Support Center, and specifically recommend providing it by attaching the 'AWSSupportAccess' managed policy to one or more IAM groups.
It is possible to provide equivalent access without using this policy, but for audit purposes you may then need to document how you do so while still adhering to the principle of least privilege. The AWS Support Center is an important tool for reporting issues and for receiving security and operational notifications. Operations and security teams should have access to the AWS Support Center without using the account's root user.
Remediation details: You can remediate this issue by attaching the 'AWSSupportAccess' policy to one or more IAM user groups whose members should be able to view and create support tickets in the AWS Support Center. The AWS IAM User Guide provides directions on how to attach policies to IAM user groups using the console, CLI, and API.
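The check and remediation described above, as an added example that is not part of the original finding text or any vendor tool: the script evaluates the control against a response shaped like the IAM ListEntitiesForPolicy API output (the sample responses, group name and group ID are constructed; in a real account you would fetch the response with boto3 as noted in the comments) and, when the control fails, builds the AWS CLI attach-group-policy commands for the groups you choose. Only the policy ARN arn:aws:iam::aws:policy/AWSSupportAccess is a real identifier.

```python
# Added example, not from the original page: evaluate the "support role
# exists" control (CIS AWS v1.5.0 1.17 / IAM.18) from a ListEntitiesForPolicy-
# style response and emit the remediation commands for chosen IAM groups.
# The two responses below are CONSTRUCTED sample data; the group name and
# group ID are made up.

SUPPORT_POLICY_ARN = "arn:aws:iam::aws:policy/AWSSupportAccess"

# Constructed: what a compliant account might return for the policy.
SAMPLE_RESPONSE_COMPLIANT = {
    "PolicyGroups": [{"GroupName": "ops-support", "GroupId": "AGPAEXAMPLEID"}],
    "PolicyUsers": [],
    "PolicyRoles": [],
}

# Constructed: nothing attached, which is the finding this page describes.
SAMPLE_RESPONSE_NONCOMPLIANT = {"PolicyGroups": [], "PolicyUsers": [], "PolicyRoles": []}


def support_access_principals(response):
    """Return the IAM principals the policy is attached to, as (type, name) pairs."""
    principals = []
    for key, name_key, kind in (
        ("PolicyGroups", "GroupName", "group"),
        ("PolicyUsers", "UserName", "user"),
        ("PolicyRoles", "RoleName", "role"),
    ):
        for entity in response.get(key, []):
            principals.append((kind, entity[name_key]))
    return principals


def is_compliant(response):
    """The control passes when AWSSupportAccess is attached to at least one principal."""
    return len(support_access_principals(response)) > 0


def remediation_commands(group_names):
    """Build the AWS CLI calls that attach the managed policy to each group.
    Group names are supplied by the caller; nothing is executed here."""
    return [
        f"aws iam attach-group-policy --group-name {g} --policy-arn {SUPPORT_POLICY_ARN}"
        for g in group_names
    ]


def evaluate(response, groups_to_fix=()):
    """Produce a small report: status plus, when failing, the remediation commands."""
    if is_compliant(response):
        return {"status": "PASS", "attached_to": support_access_principals(response)}
    return {"status": "FAIL", "remediation": remediation_commands(groups_to_fix)}


if __name__ == "__main__":
    # In a live check you would obtain the response with boto3, e.g.
    #   boto3.client("iam").list_entities_for_policy(PolicyArn=SUPPORT_POLICY_ARN)
    # and iterate with a paginator, since the result can be paginated.
    for label, resp in (("compliant", SAMPLE_RESPONSE_COMPLIANT),
                        ("noncompliant", SAMPLE_RESPONSE_NONCOMPLIANT)):
        print(label, evaluate(resp, groups_to_fix=["ops-support"]))
```

Attaching the policy to a group rather than to individual users keeps the grant reviewable: membership of the group is the single place an auditor has to look to see who can open and read support tickets, which is why the CIS recommendation targets groups.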
Vendor
AWS
Cloud Service
IAM
Related Controls
CIS AWS v1.5.0 1.17, IAM.18
References
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups_manage_attach-policy.html, https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html
Severity
1
Item Types
Custom::AWS::IAM::Account