Home Security & Health Security Audit AWS IAM support role – Why you should create one?

AWS IAM support role – Why you should create one?

-

Organizations are bleeding money to ensure that their resources are safely deployed on AWS. Cloud security is a box which should be checked off to ensure uninterrupted operations across your cloud infrastructure. AWS IAM is the user management service that plays a major role in managing your cloud security. Following certain security practices for AWS IAM and support roles attached to it will ensure that your resources are safe while you get full AWS support facilities.

Why you should create AWS IAM support role?

As discussed in one of our cloud security blogs, IAM is a web service that enables a user to control access to its AWS resources in a secure manner. AWS Support offers a range of plans that provide access to tools that support the success and operational health of your AWS resources. All support plans provide 24×7 access to customer service, AWS documentation, whitepapers, etc. Users can access the support center through an IAM user. A Support Role is an IAM role that is configured to allow authorized users to manage incidents with AWS Support. It is recommended to ensure that there is an active IAM Support Role available within your AWS account.

How does Centilytics guide you?

Centilytics gives warnings whenever you forget to attach a support access policy to any of your AWS IAM entity. This allows you to take necessary remediations from your AWS management console.

Insight Description:

There can be 2 possible scenarios:

Severity Description
OK This indication is displayed when AWS Support access policy is attached to your IAM account or a support role exists for your AWS account.
CRITICAL This indication is displayed when no AWS support access policy is attached to your IAM account or no support role exists for your AWS account.

 

Description of further columns are as follows:

  1. Account-ID: This column shows the respective account ID of the user’s account.AWS IAM 1
  2. Account Name: This column shows the corresponding account name to the user’s account. AWS IAM 4

Filters applicable:

Filter Name Description
Account Id Applying the account Id filter will display data for the selected account Id.
Severity Applying severity filter will display resources according to the selected severity type i.e. selecting critical will display all resources with critical severity. Same will be the case for warning and ok severity types
Resource Tags Applying resource tags filter will display those resources which have been assigned the selected resource tag. For e.g., A user has tagged some public snapshots by a resource tag named environment. Then selecting an environment from the resource tags filter will display all those resources tagged by the tag name environment.
Resource Tags Value Applying resource tags value filter will display data which will have the selected resource tag value. For e.g. – Let’s say a user has tagged some resource by a tag named environment and has a value say production (environment: production). Hence, the user can view data of all the resources which have “environment:production” tag assigned. The user can use the tag value filter only when a tag name has been provided.

 

Compliances covered:

Compliance Name Reference No. Link
CIS 1.1.0 https://d0.awsstatic.com/whitepapers/
compliance/AWS_CIS_Foundations_Benchmark.pdf

 

Read More about AWS support here.

Read About

Cloud