How to resolve AWS Config non-compliant rules

0

I tried to find problems in the AWS environment through AWS Config. The config pack I used is operational-best-practices-for-cis. Many other rules passed as compliant, but one rule, iamsupportpolicyinuse-conformance-pack, is displayed as out of compliance. I have made many attempts to bring the rule into compliance. The 'AWS support access' policy was added to the accounts, groups, and roles used in IAM and the rule was re-evaluated, but it is marked as non-compliant. Is there any other solution? I will attach an image.

Non-compliance policy

Config rule pack name

AWS support access policy added to IAM group

I added the same policy again to other IAM accounts.

Add AWS support access to role

I only added it to roles I created.

We added this policy to IAM accounts, groups, and roles.

  • Please accept the answer if it was useful for you

asked 2 months ago, 194 views
1 Answer
2

I've tried it and figured out that attaching the IAM policy arn:aws:iam::aws:policy/AWSSupportAccess to an IAM user is not enough. I've attached it to one group and one IAM role, re-evaluated the AWS Config rule, and it became Compliant.

EXPERT
answered 2 months ago
EXPERT
Artem
reviewed 2 months ago
  • Thank you for the answer, but I didn't understand it properly. Do I need to attach the arn:aws:iam::aws:policy/AWSSupportAccess policy to all user groups and roles in IAM? The way I did it: IAM policy - check the AWSSupportAccess checkbox - Actions - Connect - check everything that appears in the IAM entity - Attach policy. This will attach the AWSSupportAccess policy to all IAM roles and user groups. Of course, it is only added to the roles I created, not the roles created by AWS. If you then re-evaluate your AWS Config, it will be marked as non-compliant.

  • You don't need to add the AWSSupportAccess policy to ALL IAM users and groups; 1 user and 1 group is enough.
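
An added diagnostic for the situation discussed in this thread (not part of the original posts and not AWS's rule code): it sorts the entities that AWSSupportAccess is attached to into attachments that can count and attachments that are ignored. It assumes the conformance-pack rule is the AWS managed rule iam-policy-in-use, whose published description counts an IAM user, a group with one or more users, or a role with one or more trusted entities; the function names and sample data are constructed.

```python
POLICY_ARN = "arn:aws:iam::aws:policy/AWSSupportAccess"

def qualifying_attachments(entities, group_members, role_trust):
    """entities: a list_entities_for_policy response.
    group_members: {group name: [user names]}, as returned by get_group.
    role_trust: {role name: AssumeRolePolicyDocument dict}, from get_role."""
    report = {"IAM_USER": [], "IAM_GROUP": [], "IAM_ROLE": [], "ignored": []}
    for user in entities.get("PolicyUsers", []):
        report["IAM_USER"].append(user["UserName"])
    for group in entities.get("PolicyGroups", []):
        name = group["GroupName"]
        if group_members.get(name):          # assumption: empty groups do not count
            report["IAM_GROUP"].append(name)
        else:
            report["ignored"].append(f"group {name}: no users")
    for role in entities.get("PolicyRoles", []):
        name = role["RoleName"]
        stmts = role_trust.get(name, {}).get("Statement", [])
        stmts = [stmts] if isinstance(stmts, dict) else stmts
        if any(s.get("Effect") == "Allow" and s.get("Principal") for s in stmts):
            report["IAM_ROLE"].append(name)
        else:                                 # assumption: nobody can assume the role
            report["ignored"].append(f"role {name}: no trusted entity")
    return report

def collect_live():
    """Gather the same three inputs from a real account (requires boto3)."""
    import boto3
    iam = boto3.client("iam")
    ents = {"PolicyUsers": [], "PolicyGroups": [], "PolicyRoles": []}
    for page in iam.get_paginator("list_entities_for_policy").paginate(PolicyArn=POLICY_ARN):
        for key in ents:
            ents[key] += page.get(key, [])
    members = {g["GroupName"]: iam.get_group(GroupName=g["GroupName"])["Users"]
               for g in ents["PolicyGroups"]}
    trust = {r["RoleName"]: iam.get_role(RoleName=r["RoleName"])["Role"]["AssumeRolePolicyDocument"]
             for r in ents["PolicyRoles"]}
    return ents, members, trust

# Constructed sample input (not taken from any real account).
SAMPLE = ({"PolicyUsers": [{"UserName": "alice"}],
           "PolicyGroups": [{"GroupName": "support-admins"}, {"GroupName": "empty-group"}],
           "PolicyRoles": [{"RoleName": "support-role"}, {"RoleName": "orphan-role"}]},
          {"support-admins": ["bob"], "empty-group": []},
          {"support-role": {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                            "Principal": {"AWS": "arn:aws:iam::111122223333:root"}}]},
           "orphan-role": {"Statement": []}})

if __name__ == "__main__":
    print(qualifying_attachments(*SAMPLE))
```

Against a real account, pass the result of `collect_live()` to `qualifying_attachments` and then re-evaluate the rule in AWS Config.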
