AWS managed policies for AWS Partner-Led Support - AWS Support

AWS managed policies for AWS Partner-Led Support

An AWS managed policy is a standalone policy that is created and administered by AWS. AWS managed policies are designed to provide permissions for many common use cases so that you can start assigning permissions to users, groups, and roles.

Keep in mind that AWS managed policies might not grant least-privilege permissions for your specific use cases because they're available for all AWS customers to use. We recommend that you reduce permissions further by defining customer managed policies that are specific to your use cases.

You cannot change the permissions defined in AWS managed policies. If AWS updates the permissions defined in an AWS managed policy, the update affects all principal identities (users, groups, and roles) that the policy is attached to. AWS is most likely to update an AWS managed policy when a new AWS service is launched or new API operations become available for existing services.

For more information, see AWS managed policies in the IAM User Guide.

AWS managed policy: AWSPartnerLedSupportReadOnlyAccess

You can attach AWSPartnerLedSupportReadOnlyAccess to your users, groups, and roles.

This policy can be used to grant read-only access to APIs that can read service metadata for services in your AWS account. You can use this policy to provide your partners in the AWS Partner-Led Support Program with access to the services specified in the permissions details section below.

Permissions details

This policy includes the following permissions.

  • acm – Allow principals to troubleshoot technical support cases related to AWS Certificate Manager.

  • acm-pca – Allow principals to troubleshoot technical support cases related to AWS Private Certificate Authority.

  • apigateway – Allow principals to troubleshoot technical support cases related to Amazon API Gateway.

  • athena – Allow principals to troubleshoot technical support cases related to Amazon Athena.

  • backup – Allow principals to troubleshoot technical support cases related to AWS Backup.

  • backup-gateway – Allow principals to troubleshoot technical support cases related to AWS Backup Gateway.

  • cloudformation – Allow principals to troubleshoot technical support cases related to AWS CloudFormation.

  • cloudfront – Allow principals to troubleshoot technical support cases related to Amazon CloudFront.

  • cloudtrail – Allow principals to troubleshoot technical support cases related to AWS CloudTrail.

  • cloudwatch – Allow principals to troubleshoot technical support cases related to Amazon CloudWatch.

  • codepipeline – Allow principals to troubleshoot technical support cases related to AWS CodePipeline.

  • cognito-identity – Allow principals to troubleshoot technical support cases related to Amazon Cognito Identity.

  • cognito-idp – Allow principals to troubleshoot technical support cases related to Amazon Cognito user pools.

  • cognito-sync – Allow principals to troubleshoot technical support cases related to Amazon Cognito Sync.

  • connect – Allow principals to troubleshoot technical support cases related to Amazon Connect.

  • directconnect – Allow principals to troubleshoot technical support cases related to AWS Direct Connect.

  • dms – Allow principals to troubleshoot technical support cases related to AWS Database Migration Service.

  • ds – Allow principals to troubleshoot technical support cases related to AWS Directory Service.

  • ec2 – Allow principals to troubleshoot technical support cases related to Amazon Elastic Compute Cloud. This includes technical support categories in EC2 (Windows and Linux), Virtual Private Cloud (VPC) and VPC.

  • ecs – Allow principals to troubleshoot technical support cases related to Amazon Elastic Container Service.

  • eks – Allow principals to troubleshoot technical support cases related to Amazon Elastic Kubernetes Service.

  • elasticache – Allow principals to troubleshoot technical support cases related to Amazon ElastiCache.

  • elasticbeanstalk – Allow principals to troubleshoot technical support cases related to AWS Elastic Beanstalk.

  • elasticfilesystem – Allow principals to troubleshoot technical support cases related to Amazon Elastic File System.

  • elasticloadbalancing – Allow principals to troubleshoot technical support cases related to Elastic Load Balancing.

  • emr-containers – Allow principals to troubleshoot technical support cases related to Amazon EMR on EKS.

  • emr-serverless – Allow principals to troubleshoot technical support cases related to Amazon EMR Serverless.

  • es – Allow principals to troubleshoot technical support cases related to Amazon OpenSearch Service. This includes technical support categories such as OpenSearch Service Managed Cluster.

  • events – Allow principals to troubleshoot technical support cases related to Amazon EventBridge.

  • fsx – Allow principals to troubleshoot technical support cases related to Amazon FSx. This includes technical support categories such as FSx for Windows File Server.

  • glue – Allow principals to troubleshoot technical support cases related to AWS Glue.

  • guardduty – Allow principals to troubleshoot technical support cases related to Amazon GuardDuty.

  • iam – Allow principals to troubleshoot technical support cases related to AWS Identity and Access Management.

  • kafka – Allow principals to troubleshoot technical support cases related to Amazon Managed Streaming for Apache Kafka.

  • kafkaconnect – Allow principals to troubleshoot technical support cases related to Amazon Managed Streaming for Apache Kafka Connect.

  • lambda – Allow principals to troubleshoot technical support cases related to AWS Lambda.

  • logs – Allow principals to troubleshoot technical support cases related to Amazon CloudWatch Logs.

  • medialive – Allow principals to troubleshoot technical support cases related to AWS Elemental MediaLive.

  • mobiletargeting – Allow principals to troubleshoot technical support cases related to Amazon Pinpoint.

  • pipes – Allow principals to troubleshoot technical support cases related to Amazon EventBridge Pipes.

  • polly – Allow principals to troubleshoot technical support cases related to Amazon Polly.

  • quicksight – Allow principals to troubleshoot technical support cases related to Amazon QuickSight.

  • rds – Allow principals to troubleshoot technical support cases related to Amazon Relational Database Service. This includes technical support categories such as: Relational Database Service (Aurora - MySQL-Compat), Relational Database Service (Aurora - PostgreSQL-c), Relational Database Service (PostgreSQL), Relational Database Service (SQL Server), Relational Database Service (MySQL) and Relational Database Service (Oracle).

  • redshift – Allow principals to troubleshoot technical support cases related to Amazon Redshift.

  • redshift-data – Allow principals to troubleshoot technical support cases related to Amazon Redshift Data API.

  • redshift-serverless – Allow principals to troubleshoot technical support cases related to Amazon Redshift Serverless.

  • route53 – Allow principals to troubleshoot technical support cases related to Amazon Route 53.

  • route53domains – Allow principals to troubleshoot technical support cases related to Amazon Route 53 Domains.

  • route53-recovery-cluster – Allow principals to troubleshoot technical support cases related to Amazon Route 53 Recovery Cluster.

  • route53-recovery-control-config – Allow principals to troubleshoot technical support cases related to Amazon Route 53 Recovery Controls.

  • route53-recovery-readiness – Allow principals to troubleshoot technical support cases related to Amazon Route 53 Recovery Readiness.

  • route53resolver – Allow principals to troubleshoot technical support cases related to Amazon Route 53 Resolver.

  • s3 – Allow principals to troubleshoot technical support cases related to Amazon Simple Storage Service.

  • s3express – Allow principals to troubleshoot technical support cases related to Amazon S3 Express.

  • sagemaker – Allow principals to troubleshoot technical support cases related to Amazon SageMaker AI.

  • scheduler – Allow principals to troubleshoot technical support cases related to Amazon EventBridge Scheduler.

  • servicequotas – Allow principals to troubleshoot technical support cases related to Service Quotas.

  • ses – Allow principals to troubleshoot technical support cases related to Amazon Simple Email Service.

  • sns – Allow principals to troubleshoot technical support cases related to Amazon Simple Notification Service.

  • ssm – Allow principals to troubleshoot technical support cases related to AWS Systems Manager.

  • ssm-contacts – Allow principals to troubleshoot technical support cases related to AWS Systems Manager Incident Manager Contacts.

  • ssm-incidents – Allow principals to troubleshoot technical support cases related to AWS Systems Manager Incident Manager.

  • ssm-sap – Allow principals to troubleshoot technical support cases related to AWS Systems Manager for SAP.

  • swf – Allow principals to troubleshoot technical support cases related to Amazon Simple Workflow Service.

  • vpc-lattice – Allow principals to troubleshoot technical support cases related to Amazon VPC Lattice. This includes technical support categories such as VPC - Transit Gateway.

  • waf – Allow principals to troubleshoot technical support cases related to AWS WAF.

  • waf-regional – Allow principals to troubleshoot technical support cases related to AWS WAF Regional.

  • wafv2 – Allow principals to troubleshoot technical support cases related to AWS WAF V2.

  • workspaces – Allow principals to troubleshoot technical support cases related to Amazon WorkSpaces. This includes technical support categories such as Workspaces (Windows).

  • workspaces-web – Allow principals to troubleshoot technical support cases related to Amazon WorkSpaces Secure Browser. This includes technical support categories such as Workspaces (Windows).

To view the permissions for this policy, see AWSPartnerLedSupportReadOnlyAccess in the AWS Managed Policy Reference.
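
The recommendation earlier on this page, to define customer managed policies that are narrower than the AWS managed one, can be applied to a policy document before you attach it to a partner role. The following Python is an added example, not AWS code and not part of the original page: the function name scope_down, the READ_VERBS name heuristic and the sample policy are assumptions made for illustration, and the sample document is constructed rather than copied from AWSPartnerLedSupportReadOnlyAccess.

```python
import json

# Assumption: verbs treated as read-only by name. This is a naming heuristic,
# not an AWS classification; review each kept action before use.
READ_VERBS = ("get", "list", "describe")

# Constructed sample document. It is NOT the content of
# AWSPartnerLedSupportReadOnlyAccess, which this page does not reproduce.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Resource": "*",
   "Action": ["ec2:Describe*", "rds:DescribeDBInstances",
              "s3:GetBucketPolicy", "polly:ListLexicons"]},
  {"Effect": "Allow", "Resource": "*", "Action": "iam:PassRole"},
  {"Effect": "Allow", "Resource": "*", "NotAction": "s3:*"}
]}
""")


def as_list(value):
    """IAM accepts a single string/object where a list is also valid."""
    return value if isinstance(value, list) else [value]


def scope_down(policy, services_in_use):
    """Return (scoped_policy, dropped): keep only read-verb actions whose
    service prefix is in services_in_use; report everything else."""
    wanted = {s.lower() for s in services_in_use}
    statements, dropped = [], []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            statements.append(stmt)      # Deny only narrows access; keep it
            continue
        if "NotAction" in stmt:          # Allow + NotAction grants everything else
            dropped += [f"NotAction:{a}" for a in as_list(stmt["NotAction"])]
            continue
        kept = []
        for action in as_list(stmt.get("Action", [])):
            service, _, name = action.partition(":")
            # Action names are case-insensitive; "ec2:*" or "ec2:D*" fail the verb test.
            if service.lower() in wanted and name.lower().startswith(READ_VERBS):
                kept.append(action)
            else:
                dropped.append(action)
        if kept:
            statements.append({**stmt, "Action": kept})
    return {"Version": policy.get("Version", "2012-10-17"), "Statement": statements}, dropped
```

Calling scope_down(SAMPLE_POLICY, {"ec2", "rds"}) returns a document limited to the two read actions for those services, plus a list of everything that was dropped so that the removal can be reviewed.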

AWS Partner-Led Support updates to AWS managed policies

View details about updates to AWS managed policies for AWS Partner-Led Support since this service began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the AWS Partner-Led Support Document history page.

Change: AWSPartnerLedSupportReadOnlyAccess – New policy
Description: Added a new AWS managed policy that contains permissions that can read service metadata for services in your AWS account.
Date: November 22, 2024

Change: AWS Partner-Led Support started tracking changes
Description: AWS Partner-Led Support started tracking changes for its AWS managed policies.
Date: November 22, 2024