An IAM role has not been created to manage incidents with AWS Support
Description
AWS provides a support center that can be used for incident notification and response, as well as technical support and customer services. By implementing least privilege for access control, an IAM role will require an appropriate IAM Policy to allow Support Center Access in order to manage Incidents with AWS Support.
We recommend you create an IAM role to allow authorized users to manage incidents with AWS Support.
Fix - Runtime
Procedure
Use the Amazon unified command line interface to create an IAM role for managing incidents with AWS.
Create a trust relationship policy document that allows \<iam_user> to manage AWS incidents. Save this document locally as /tmp/TrustPolicy.json:.
{
Version: 2012-10-17,
Statement: [
{
Effect: Allow,
Principal: {
AWS: "IAM_USER"
},
Action: sts:AssumeRole
}
]
}
Create the IAM role using the above trust policy:
aws iam create-role --role-name <aws_support_iam_role>
--assume-role- policy-document file:///tmp/TrustPolicy.json
Attach 'AWSSupportAccess' managed policy to the created IAM role:
aws iam attach-role-policy
--policy-arn <iam_policy_arn> --role-name <aws_support_iam_role>