# AWSSecurityIncidentResponseFullAccess
**Description**: Policy provides customers with Read and Write permissions to all resources associated to the Security Incident Response service.
`AWSSecurityIncidentResponseFullAccess` is an [AWS managed policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html#aws-managed-policies).
## Using this policy
You can attach `AWSSecurityIncidentResponseFullAccess` to your users, groups, and roles.
## Policy details
+ **Type**: AWS managed policy
+ **Creation time**: December 01, 2024, 23:21 UTC
+ **Edited time:** February 12, 2026, 18:02 UTC
+ **ARN**: `arn:aws:iam::aws:policy/AWSSecurityIncidentResponseFullAccess`
## Policy version
**Policy version:** v3 (default)
The policy's default version is the version that defines the permissions for the policy. When a user or role with the policy makes a request to access an AWS resource, AWS checks the default version of the policy to determine whether to allow the request.
## JSON policy document
```
{
"Version" : "2012-10-17",
"Statement" : [
{
"Sid" : "SecurityIRReadAccess",
"Effect" : "Allow",
"Action" : [
"security-ir:BatchGetMemberAccountDetails",
"security-ir:GetMembership",
"security-ir:ListMemberships",
"security-ir:GetCase",
"security-ir:ListCases",
"security-ir:GetCaseAttachmentDownloadUrl",
"security-ir:ListComments",
"security-ir:ListCaseEdits",
"security-ir:ListTagsForResource"
],
"Resource" : "*"
},
{
"Sid" : "SecurityIRWriteAccess",
"Effect" : "Allow",
"Action" : [
"security-ir:CreateMembership",
"security-ir:UpdateMembership",
"security-ir:CancelMembership",
"security-ir:CreateCase",
"security-ir:UpdateCase",
"security-ir:CloseCase",
"security-ir:UpdateCaseStatus",
"security-ir:UpdateResolverType",
"security-ir:GetCaseAttachmentUploadUrl",
"security-ir:CreateCaseComment",
"security-ir:UpdateCaseComment",
"security-ir:TagResource",
"security-ir:UntagResource"
],
"Resource" : "*",
"Condition" : {
"Bool" : {
"aws:MultiFactorAuthPresent" : "true"
}
}
},
{
"Sid" : "AllowCreationOfServiceLinkedRoleForSecurityIncidentResponse",
"Effect" : "Allow",
"Action" : [
"iam:CreateServiceLinkedRole"
],
"Resource" : [
"arn:aws:iam::*:role/aws-service-role/security-ir.amazonaws.com/AWSServiceRoleForSecurityIncidentResponse"
],
"Condition" : {
"StringLike" : {
"iam:AWSServiceName" : "security-ir.amazonaws.com"
}
}
},
{
"Sid" : "AllowCreationOfServiceLinkedRoleForSecurityIncidentResponseTriage",
"Effect" : "Allow",
"Action" : [
"iam:CreateServiceLinkedRole"
],
"Resource" : [
"arn:aws:iam::*:role/aws-service-role/triage.security-ir.amazonaws.com/AWSServiceRoleForSecurityIncidentResponse_Triage"
],
"Condition" : {
"StringLike" : {
"iam:AWSServiceName" : "triage.security-ir.amazonaws.com"
}
}
},
{
"Sid" : "OrganizationsPolicies",
"Effect" : "Allow",
"Action" : [
"organizations:DescribeOrganization",
"organizations:ListDelegatedAdministrators"
],
"Resource" : "*"
}
]
}
```
## Learn more
+ [Create a permission set using AWS managed policies in IAM Identity Center](https://docs.aws.amazon.com/singlesignon/latest/userguide/howtocreatepermissionset.html)
+ [Adding and removing IAM identity permissions](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html)
+ [Understand versioning for IAM policies](https://docs.aws.amazon.com//IAM/latest/UserGuide/access_policies_managed-versioning.html)
+ [Get started with AWS managed policies and move toward least-privilege permissions](https://docs.aws.amazon.com//IAM/latest/UserGuide/best-practices.html#bp-use-aws-defined-policies)