1 Answer
- Newest
- Most votes
- Most comments
2
I've tried it and figured out that attaching IAM policy arn:aws:iam::aws:policy/AWSSupportAccess
to IAM user is not enough. I've attached it to one group and one IAM role, reevaluated the AWS Config rule, and it became Compliant
Relevant content
- asked 9 months ago
- asked a year ago
- asked a year ago
- AWS OFFICIALUpdated 9 months ago
- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated 5 months ago
- AWS OFFICIALUpdated 4 years ago
Thank you for answer. But I didn't understand it properly. To all user groups and roles in iam Do I need to attach the arn:aws:iam::aws:policy/AWSSupportAccess policy? The way I did it IAM policy - Check the AWSSupportAccess checkbox - Actions - Connect - Check everything that appears in the IAM entity - Attach policy This will attach the AWSSupportAccess policy to all IAM ROLEs and user groups. Of course, it is only added to the ROLE I created, not the ROLE created by AWS. If you then re-evaluate your AWS CONFIG, it will be marked as non-compliant.
You don't need to add AWSSupportAccess policy to ALL IAM users and group 1 user and 1 group is enough