AWS managed policies for AWS Support - AWS Support
AWSSupportServiceRolePolicyPolicy updates

AWS managed policies for AWS Support

AWS Support has the following managed policies.

Contents

AWS managed policy: AWSSupportServiceRolePolicy

AWS Support uses the AWSSupportServiceRolePolicy AWS managed policy. This managed policy is attached to the AWSServiceRoleForSupport service-linked role. The policy allows the service-linked role to complete actions on your behalf. You can't attach this policy to your IAM entities. For more information, see Service-linked role permissions for AWS Support.

For a list of changes to the policy, see AWS Support updates to AWS managed policies and Permission changes for AWSSupportServiceRolePolicy.

AWS Support updates to AWS managed policies

View details about updates to AWS managed policies for AWS Support since these services began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the Document history page.

The following table describes important updates to the AWS Support managed policies since February 17, 2022.

AWS Support
Change Description Date

AWSSupportServiceRolePolicy – Update to an existing policy

Added 79 new permissions to the following services to perform actions that help troubleshoot customer issues related to billing, administrative, and technical support:

  • AWS account – To troubleshoot issues related to the AWS account.

  • AWS Auto Scaling – To debug issues related to AWS Auto Scaling.

  • Amazon Bedrock – To debug issues related to Amazon Bedrock.

  • AWS CodeConnections – To troubleshoot issues related to the AWS CodeConnections.

  • AWS Deadline Cloud – To debug issues related to the AWS Deadline Cloud.

  • Amazon Elastic Kubernetes Service – To troubleshoot issues related to Amazon Elastic Kubernetes Service.

  • Elastic Load Balancing – To troubleshoot issues related to the Elastic Load Balancing.

  • AWS Free Tier – To debug issues related to the AWS Free Tier.

  • Amazon Inspector – To troubleshoot issues related to the Amazon Inspector.

  • Amazon OpenSearch Ingestion – To troubleshoot issues related to the Amazon OpenSearch Ingestion.

  • Amazon WorkSpaces – To debug issues related to Amazon WorkSpaces.

  • AWS X-Ray – To debug issues related to the AWS X-Ray.

 Aug 5, 2024

AWSSupportServiceRolePolicy – Update to an existing policy

Added 17 new permissions to the following services to perform actions that help troubleshoot customer issues related to billing, administrative, and technical support:

  • Amazon CloudWatch Network Monitor – To troubleshoot issues related to the Network Monitor service.

  • Amazon CloudWatch Logs – To debug issues related to Amazon CloudWatch Logs.

  • Amazon Managed Streaming for Apache Kafka – To debug issues related to Amazon Managed Streaming for Apache Kafka.

  • Amazon Managed Service for Prometheus – To troubleshoot issues related to the Amazon Managed Service for Prometheus.

 Mar 22, 2024

AWSSupportServiceRolePolicy – Update to an existing policy

Added 63 new permissions to the following services to perform actions that help troubleshoot customer issues related to billing, administrative, and technical support:

  • AWS Clean Rooms – To troubleshoot issues related to the AWS Clean Rooms.

  • CodeConnections – To troubleshoot issues related to CodeConnections.

  • Amazon EKS – To debug issues related to Amazon EKS.

  • Image Builder – To debug issues related to the Image Builder.

  • Amazon Inspector2 – To troubleshoot issues related to Amazon Inspector2.

  • Amazon Inspector Scan – To debug issues related to the Amazon Inspector Scan.

  • Amazon CloudWatch Logs – To troubleshoot issues related to Amazon CloudWatch Logs.

  • AWS Outposts – To troubleshoot issues related to the AWS Outposts.

  • Amazon RDS – To debug issues related to Amazon RDS.

  • AWS IAM Identity Center – To troubleshoot issues related to AWS IAM Identity Center.

  • Amazon S3 Express – To debug issues related to Amazon S3 Express.

  • AWS Trusted Advisor – To troubleshoot issues related to AWS Trusted Advisor.

 Jan 17, 2024

AWSSupportServiceRolePolicy – Update to an existing policy

Added 126 new permissions to the following services to perform actions that help troubleshoot customer issues related to billing, administrative, and technical support:

  • AWS Direct Connect – To troubleshoot issues related to the AWS Direct Connect service.

  • Amazon SageMaker – To troubleshoot issues related to Amazon SageMaker service.

  • Amazon AppStream – To debug issues related to Amazon AppStream.

  • AWS Resource Explorer – To debug issues related to the AWS Resource Explorer.

  • Amazon Redshift serverless – To troubleshoot issues related to Amazon Redshift serverless.

  • Amazon ElastiCache – To debug issues related to the Amazon ElastiCache.

  • Amazon Comprehend – To troubleshoot issues related to Amazon Comprehend.

  • Amazon EC2 – To troubleshoot issues related to the Amazon EC2.

  • Amazon Elastic Kubernetes Service – To debug issues related to Amazon Elastic Kubernetes Service.

  • AWS Elastic Disaster Recovery – To troubleshoot issues related to AWS Elastic Disaster Recovery.

  • AWS AppSync – To debug issues related to AWS AppSync.

  • Amazon CloudWatch Logs – To troubleshoot issues related to Amazon CloudWatch Logs.

  • AWS Health – To debug issues related to the AWS Health Service.

  • Amazon Connect – To debug issues related to the Amazon Connect.

  • AWS Snowball – To troubleshoot issues related to AWS Snowball.

  • AWS HealthImaging – To troubleshoot issues related to AWS HealthImaging.

 Dec 6, 2023

AWSSupportServiceRolePolicy – Update to an existing policy

Added 163 new permissions to the following services to perform actions that help troubleshoot customer issues related to billing, administrative, and technical support:

  • Amazon CloudFront – To troubleshoot issues related to the CloudFront service.

  • Amazon EC2 – To troubleshoot issues related to Amazon EC2 service.

  • Amazon AppStream – To debug issues related to Amazon AppStream.

  • AWS WAF – To debug issues related to the AWS Web Application Firewall.

  • Amazon Connect – To troubleshoot issues related to Amazon Connect.

  • AWS IoT – To debug issues related to the AWS IoT.

  • Amazon Route 53 – To troubleshoot issues related to Amazon Route 53.

  • AWS Verified Access – To troubleshoot issues related to the AWS Verified Access service.

  • Amazon Simple Email Service – To debug issues related to Amazon Simple Email Service.

  • AWS Elastic Beanstalk – To troubleshoot issues related to AWS Elastic Beanstalk.

  • Amazon DynamoDB – To debug issues related to Amazon DynamoDB.

  • AWS EC2 Image Builder – To troubleshoot issues related to AWS EC2 Image Builder.

  • AWS Outposts – To debug issues related to the AWS Outposts Service.

  • AWS Glue – To debug issues related to the AWS Glue.

  • AWS Directory Service – To troubleshoot issues related to AWS Directory Service.

  • AWS Elastic Disaster Recovery – To troubleshoot issues related to AWS Elastic Disaster Recovery.

  • AWS Step Functions – To debug issues related to AWS Step Functions.

  • Amazon EMR – To troubleshoot issues related to Amazon EMR.

  • Amazon Relational Database Service – To troubleshoot issues related to Amazon Relational Database Service.

  • Amazon EC2 Systems Manager – To debug issues related to Amazon EC2 Systems Manager.

 Oct 27, 2023

AWSSupportServiceRolePolicy – Update to an existing policy

Added 176 new permissions to the following services to perform actions that help troubleshoot customer issues related to billing, administrative, and technical support:

  • AWS Glue – To troubleshoot issues related to the AWS Glue service

  • Amazon EMR – To troubleshoot issues related to Amazon EMR service.

  • Amazon Security Lake – To debug issues related to Amazon Security Lake.

  • AWS Systems Manager – To debug issues related to the Systems Manager service.

  • Amazon Verified Permissions – To troubleshoot issues related to Amazon Verified Permissions.

  • AWS IAM Access Analyzer – To debug issues related to the IAM Access Analyzer service.

  • AWS Backup – To troubleshoot issues related to AWS Backup.

  • AWS Database Migration Service – To troubleshoot issues related to the DMS service.

  • Amazon DynamoDB – To debug issues related to Dynamo DB.

  • Amazon Elastic Container Registry (Amazon ECR) – To troubleshoot issues related to Amazon Elastic Container Registry (Amazon ECR).

  • Amazon Elastic Container Service – To debug issues related to Amazon Elastic Container Service.

  • Amazon Elastic Kubernetes Service – To troubleshoot issues related to Amazon Elastic Kubernetes Service.

  • Amazon EMR Serverless – To debug issues related to the Amazon EMR Serverless Service.

  • AWS Identity and Access Management – To troubleshoot issues related to AWS Identity and Access Management.

  • AWS Network Firewall – To troubleshoot issues related to AWS Network Firewall.

  • AWS HealthOmics – To debug issues related to AWS HealthOmics.

  • Amazon QuickSight – To debug issues related to Amazon QuickSight.

  • Amazon Relational Database Service – To troubleshoot issues related to Amazon Relational Database Service.

  • Amazon Redshift – To troubleshoot issues related to Amazon Redshift.

  • Amazon Redshift Serverless – To debug issues related to Amazon Redshift Serverless.

  • Amazon SageMaker – To debug issues related to Amazon SageMaker.

 Aug 28, 2023

AWSSupportServiceRolePolicy – Update to an existing policy

Added 141 new permissions to the following services to perform actions that help troubleshoot customer issues related to billing, administrative, and technical support:

  • Lambda – To troubleshoot issues related to Lambda service.

  • Amazon Lex – To troubleshoot issues related to Amazon Lex service.

  • AWS Transfer – To debug issues related to Transfer service.

  • AWS Amplify – To debug issues related to Amplify service.

  • Amazon EventBridge Pipes – To troubleshoot permissions and billing issues related to Pipes.

  • Amazon EventBridge – To debug issues related to Amazon EventBridge

  • Amazon CloudWatch Logs – To troubleshoot issues related to Amazon CloudWatch Logs.

  • AWS Systems Manager – To troubleshoot issues related to Systems Manager.

  • Amazon CloudWatch – To debug issues related to CloudWatch.

  • Amazon ElastiCache – To troubleshoot issues related to Amazon ElastiCache.

  • Amazon Athena – To debug issues related to Athena.

  • AWS Elastic Disaster Recovery – To troubleshoot issues related to Elastic Disaster Recovery.

  • Amazon CloudWatch – To troubleshoot configurations of Amazon CloudWatch.

  • Amazon EC2 – To debug issues related to the EC2 service.

  • AWS Certificate Manager – To troubleshoot issues related to Certificate Manager.

  • Amazon EventBridge Scheduler – To troubleshoot issues related to EventBridge Scheduler.

  • Amazon OpenSearch Service – To troubleshoot issues related to OpenSearch.

  • Amazon EventBridge Schemas – To debug issues related to EventBridge Schemas.

  • AWS User Notifications – To troubleshoot issues related to User Notifications.

  • Amazon CloudWatch Application Insights – To troubleshoot issues related to CloudWatch Application Insights.

  • Amazon DynamoDB – To troubleshoot issues related to DynamoDB.

  • Amazon DocumentDB Elastic Clusters – To troubleshoot issues related to DocumentDB Elastic Clusters.

 June 26, 2023

AWSSupportServiceRolePolicy – Update to an existing policy

Added 53 new permissions to the following services to perform actions that help troubleshoot customer issues related to billing, administrative, and technical support:

  • Auto Scaling – To troubleshoot issues related to Auto Scaling service.

  • Amazon CloudWatch – To troubleshoot issues related to Amazon CloudWatch.

  • AWS Compute Optimizer – To troubleshoot issues related to Compute Optimizer.

  • Amazon CloudWatch Evidently – To troubleshoot issues related to Evidently.

  • EC2 Image Builder – To troubleshoot issues related to Image Builder service.

  • AWS IoT TwinMaker – To troubleshoot issues related to AWS IoT TwinMaker.

  • Amazon CloudWatch Logs – To troubleshoot issues related to Amazon CloudWatch Logs.

  • Amazon Pinpoint – To troubleshoot issues related to Amazon Pinpoint.

  • AWS OAM Link – To debug issues related to OAM resources.

  • AWS Outposts – To troubleshoot issues related to AWS Outposts.

  • Amazon RDS – To debug issues related to Amazon RDS.

  • AWS Resource Explorer – To troubleshoot issues related to Resource Explorer.

  • Amazon CloudWatch RUM – To troubleshoot configurations of RUM service resources.

  • Amazon SNS – To troubleshoot issues related to Amazon SNS.

  • Amazon CloudWatch Synthetics – To troubleshoot issues related to CloudWatch Synthetics.

 May 02, 2023

AWSSupportServiceRolePolicy – Update to an existing policy

Added 52 new permissions to the following services to perform actions that help troubleshoot customer issues related to billing, administrative, and technical support:

  • AWS Backup gateway – To troubleshoot issues related to Backup gateway.

  • Amazon S3 – To debug issues related to Amazon S3.

  • AWS Application Migration Service – To troubleshoot issues related to Application Migration Service.

  • AWS Clean Rooms – To debug issues related to AWS Clean Rooms;

  • AWS Systems Manager for SAP – To troubleshoot issues related to AWS Systems Manager for SAP.

  • Amazon VPC Lattice – To debug issues related to Amazon VPC Lattice.

 March 16, 2023

AWSSupportServiceRolePolicy – Update to an existing policy

Added 220 new permissions to the following services to perform actions that help troubleshoot customer issues related to billing, administrative, and technical support:

  • Amazon Athena – To enable AWS Support to develop tools that can be used to help customers with their queries related to Athena.

  • Amazon Chime – To troubleshoot issues related to Amazon Chime.

  • Amazon CloudWatch Internet Monitor – To debug issues related to Internet Monitor.

  • Amazon Comprehend – To troubleshoot issues related to Amazon Comprehend.

  • Amazon Elastic Compute Cloud – To debug issues related to Transit Gateway Connect and multicast features.

  • Amazon EventBridge Pipes – To troubleshoot issues related to EventBridge Pipes.

  • Amazon Interactive Video Service – To enable AWS Support to query Amazon IVS resources to troubleshoot customer issues.

  • Amazon FSx – To enable AWS Support to develop tools to support importing and exporting for an Amazon FSx data repository.

  • Amazon GameLift – To troubleshoot issues related to Amazon GameLift.

  • AWS Glue– To troubleshoot issues related to AWS Glue Data Quality.

  • Amazon Kinesis Video Streams– To troubleshoot issues related to Kinesis Video Streams.

  • Amazon Managed Service for Prometheus – To troubleshoot issues related to Amazon Managed Service for Prometheus.

  • Amazon Managed Streaming for Apache Kafka – To troubleshoot issues related to Amazon MSK Connect.

  • AWS Network Manager – To troubleshoot issues related to Network Manager.

  • Amazon Nimble Studio – To debug issues related to Nimble Studio.

  • Amazon Personalize – To debug issues related to Amazon Personalize.

  • Amazon Pinpoint – To troubleshoot issues related to Amazon Pinpoint.

  • AWS HealthOmics – To troubleshoot issues related to HealthOmics.

  • Amazon Transcribe – To debug issues related to Amazon Transcribe.

 January 10, 2023

AWSSupportServiceRolePolicy – Update to an existing policy

Added 47 new permissions to the following services to perform actions that help troubleshoot customer issues related to billing, administrative, and technical support:

  • AWS Application Migration Service – To troubleshoot replication and launch issues.

  • AWS CloudFormation hooks – To enable AWS Support to develop automation tools that can help resolve issues.

  • Amazon Elastic Kubernetes Service – To troubleshoot issues related to Amazon EKS.

  • AWS IoT FleetWise – To troubleshoot issues related to AWS IoT FleetWise.

  • AWS Mainframe Modernization – To debug issues related to AWS Mainframe Modernization.

  • AWS Outposts – To help AWS Support get a list of dedicated hosts and assets.

  • AWS Private 5G – To troubleshoot issues related to Private 5G.

  • AWS Tiros – To debug issues related to Tiros.

 October 4, 2022

AWSSupportServiceRolePolicy – Update to an existing policy

Added 46 new permissions to the following services to perform actions that help troubleshoot customer issues related to billing, administrative, and technical support:

  • Amazon Managed Streaming for Apache Kafka – To troubleshoot issues related to Amazon MSK.

  • AWS DataSync – To troubleshoot issues related to DataSync.

  • AWS Elastic Disaster Recovery – To troubleshoot replication and launch issues.

  • Amazon GameSparks – To troubleshoot issues related to GameSparks.

  • AWS IoT TwinMaker – To debug issues related to AWS IoT TwinMaker.

  • AWS Lambda – To view the configuration of a function URL to troubleshooting issues.

  • Amazon Lookout for Equipment – To troubleshoot issues related to Lookout for Equipment.

  • Amazon Route 53 and Amazon Route 53 Resolver – To get resolver configurations so that AWS Support can check the DNS resolution behavior of a VPC.

 August 17, 2022

AWSSupportServiceRolePolicy – Update to an existing policy

Added new permissions to the following services to perform actions that help troubleshoot customer issues related to billing, administrative, and technical support:

  • Amazon CloudWatch Logs – To help troubleshoot CloudWatch Logs related issues.

  • Amazon Interactive Video Service – To help AWS Support check existing Amazon IVS resources for support cases regarding fraud or compromised accounts.

  • Amazon Inspector – To troubleshoot Amazon Inspector related issues.

Removed permissions for services, such as Amazon WorkLink. Amazon WorkLink was deprecated on April 19, 2022.

 June 23, 2022

AWSSupportServiceRolePolicy – Update to an existing policy

Added 25 new permissions to the following services to perform actions that help troubleshoot customer issues related to billing, administrative, and technical support:

  • AWS Amplify UI Builder – To troubleshoot issues related to component and theme generation.

  • Amazon AppStream – To troubleshoot issues by retrieving resources for features that launched recently.

  • AWS Backup – To troubleshoot issues related to backup jobs.

  • AWS CloudFormation – To perform diagnostics on issues related to IAM, extension, and versioning.

  • Amazon Kinesis – To troubleshoot issues related to Kinesis.

  • AWS Transfer Family – To troubleshoot issues related to Transfer Family.

 April 27, 2022

AWSSupportServiceRolePolicy – Update to an existing policy

Added 54 new permissions to the following services to perform actions that help troubleshoot customer issues related to billing, administrative, and technical support:

  • Amazon Elastic Compute Cloud

    • To troubleshoot issues related to customer and AWS-managed prefixed lists.

    • To troubleshoot issues related to Amazon VPC IP Address Manager (IPAM).

  • AWS Network Manager – To troubleshoot issues related to Network Manager.

  • Savings Plans – To get metadata about outstanding Savings Plan commitments.

  • AWS Serverless Application Repository – To improve and support response actions as part of researching and resolving support cases.

  • Amazon WorkSpaces Web – To debug and troubleshoot issues with WorkSpaces Web services.

 March 14, 2022

AWSSupportServiceRolePolicy – Update to an existing policy

Added 74 new permissions to the following services to perform actions that help troubleshoot customer issues related to billing, administrative, and technical support:

  • AWS Application Migration Service – To support agentless replication in the Application Migration Service.

  • AWS CloudFormation – To perform diagnostics on IAM, extension, and versioning related issues.

  • Amazon CloudWatch Logs – To validate resource policies.

  • Amazon EC2 Recycle Bin – To get metadata about Recycle Bin retention rules.

  • AWS Elastic Disaster Recovery – To troubleshoot replication and launch problems in customer accounts.

  • Amazon FSx – To view the description of Amazon FSx snapshots.

  • Amazon Lightsail – To view metadata and configurations details for Lightsail buckets.

  • Amazon Macie – To view Macie configurations, such as classification jobs, custom data identifiers, regular expressions and findings.

  • Amazon S3 – To gather metadata and configurations for Amazon S3 buckets.

  • AWS Storage Gateway – To view metadata about customers' automatic tape creation policies.

  • Elastic Load Balancing – To view the description of resource limits when using the Service Quotas console.

For more information, see Permission changes for AWSSupportServiceRolePolicy.

 February 17, 2022

Change log published

Change log for the AWS Support managed policies.

 February 17, 2022