Amazon managed policies for Amazon Web Services Support - Amazon Web Services Support
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Amazon managed policies for Amazon Web Services Support

Amazon Web Services Support has the following managed policies.

Amazon managed policy: AWSSupportServiceRolePolicy

Amazon Web Services Support uses the AWSSupportServiceRolePolicy Amazon managed policy. This managed policy is attached to the AWSServiceRoleForSupport service-linked role. The policy allows the service-linked role to complete actions on your behalf. You can't attach this policy to your IAM entities. For more information, see Service-linked role permissions for Amazon Web Services Support.

For a list of changes to the policy, see Amazon Web Services Support updates to Amazon managed policies and Permission changes for AWSSupportServiceRolePolicy.

Amazon Web Services Support updates to Amazon managed policies

View details about updates to Amazon managed policies for Amazon Web Services Support since these services began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the Document history page.

The following table describes important updates to the Amazon Web Services Support managed policies since February 17, 2022.

Amazon Web Services Support
Change Description Date

AWSSupportServiceRolePolicy – Update to an existing policy

Added 220 new permissions to the following services to perform actions that help troubleshoot customer issues related to billing, administrative, and technical support:

  • Amazon Athena – To enable Amazon Web Services Support to develop tools that can be used to help customers with their queries related to Athena.

  • Amazon Chime – To troubleshoot issues related to Amazon Chime.

  • Amazon CloudWatch Internet Monitor – To debug issues related to Internet Monitor.

  • Amazon Comprehend – To troubleshoot issues related to Amazon Comprehend.

  • Amazon Elastic Compute Cloud – To debug issues related to Transit Gateway Connect and multicast features.

  • Amazon EventBridge Pipes – To troubleshoot issues related to EventBridge Pipes.

  • Amazon Interactive Video Service – To enable Amazon Web Services Support to query Amazon IVS resources to troubleshoot customer issues.

  • Amazon FSx – To enable Amazon Web Services Support to develop tools to support importing and exporting for an Amazon FSx data repository.

  • Amazon GameLift – To troubleshoot issues related to GameLift.

  • Amazon Glue– To troubleshoot issues related to Amazon Glue Data Quality.

  • Amazon Kinesis Video Streams– To troubleshoot issues related to Kinesis Video Streams.

  • Amazon Managed Service for Prometheus – To troubleshoot issues related to Amazon Managed Service for Prometheus.

  • Amazon Managed Streaming for Apache Kafka – To troubleshoot issues related to Amazon MSK Connect.

  • Amazon Network Manager – To troubleshoot issues related to Network Manager.

  • Amazon Nimble Studio – To debug issues related to Nimble Studio.

  • Amazon Personalize – To debug issues related to Amazon Personalize.

  • Amazon Pinpoint – To troubleshoot issues related to Amazon Pinpoint.

  • Amazon Omics – To troubleshoot issues related to Omics.

  • Amazon Transcribe – To debug issues related to Amazon Transcribe.

January 10, 2023

AWSSupportServiceRolePolicy – Update to an existing policy

Added 47 new permissions to the following services to perform actions that help troubleshoot customer issues related to billing, administrative, and technical support:

  • Amazon Application Migration Service – To troubleshoot replication and launch issues.

  • Amazon CloudFormation hooks – To enable Amazon Web Services Support to develop automation tools that can help resolve issues.

  • Amazon Elastic Kubernetes Service – To troubleshoot issues related to Amazon EKS.

  • Amazon IoT FleetWise – To troubleshoot issues related to Amazon IoT FleetWise.

  • Amazon Mainframe Modernization – To debug issues related to Mainframe Modernization.

  • Amazon Outposts – To help Amazon Web Services Support get a list of dedicated hosts and assets.

  • Amazon Private 5G – To troubleshoot issues related to Private 5G.

  • Amazon Tiros – To debug issues related to Tiros.

October 4, 2022

AWSSupportServiceRolePolicy – Update to an existing policy

Added 46 new permissions to the following services to perform actions that help troubleshoot customer issues related to billing, administrative, and technical support:

  • Amazon Managed Streaming for Apache Kafka – To troubleshoot issues related to Amazon MSK.

  • Amazon DataSync – To troubleshoot issues related to DataSync.

  • Amazon Elastic Disaster Recovery – To troubleshoot replication and launch issues.

  • Amazon GameSparks – To troubleshoot issues related to GameSparks.

  • Amazon IoT TwinMaker – To debug issues related to Amazon IoT TwinMaker.

  • Amazon Lambda – To view the configuration of a function URL to troubleshooting issues.

  • Amazon Lookout for Equipment – To troubleshoot issues related to Lookout for Equipment.

  • Amazon Route 53 and Amazon Route 53 Resolver – To get resolver configurations so that Amazon Web Services Support can check the DNS resolution behavior of a VPC.

August 17, 2022

AWSSupportServiceRolePolicy – Update to an existing policy

Added new permissions to the following services to perform actions that help troubleshoot customer issues related to billing, administrative, and technical support:

  • Amazon CloudWatch Logs – To help troubleshoot CloudWatch Logs related issues.

  • Amazon Interactive Video Service – To help Amazon Web Services Support check existing Amazon IVS resources for support cases regarding fraud or compromised accounts.

  • Amazon Inspector – To troubleshoot Amazon Inspector related issues.

Removed permissions for services, such as Amazon WorkLink. Amazon WorkLink was deprecated on April 19, 2022.

June 23, 2022

AWSSupportServiceRolePolicy – Update to an existing policy

Added 25 new permissions to the following services to perform actions that help troubleshoot customer issues related to billing, administrative, and technical support:

  • Amazon Amplify UI Builder – To troubleshoot issues related to component and theme generation.

  • Amazon AppStream – To troubleshoot issues by retrieving resources for features that launched recently.

  • Amazon Backup – To troubleshoot issues related to backup jobs.

  • Amazon CloudFormation – To perform diagnostics on issues related to IAM, extension, and versioning.

  • Amazon Kinesis – To troubleshoot issues related to Kinesis.

  • Amazon Transfer Family – To troubleshoot issues related to Transfer Family.

April 27, 2022

AWSSupportServiceRolePolicy – Update to an existing policy

Added 54 new permissions to the following services to perform actions that help troubleshoot customer issues related to billing, administrative, and technical support:

  • Amazon Elastic Compute Cloud

    • To troubleshoot issues related to customer and Amazon-managed prefixed lists.

    • To troubleshoot issues related to Amazon VPC IP Address Manager (IPAM).

  • Amazon Network Manager – To troubleshoot issues related to Network Manager.

  • Savings Plans – To get metadata about outstanding Savings Plan commitments.

  • Amazon Serverless Application Repository – To improve and support response actions as part of researching and resolving support cases.

  • Amazon WorkSpaces Web – To debug and troubleshoot issues with WorkSpaces Web services.

March 14, 2022

AWSSupportServiceRolePolicy – Update to an existing policy

Added 74 new permissions to the following services to perform actions that help troubleshoot customer issues related to billing, administrative, and technical support:

  • Amazon Application Migration Service – To support agentless replication in the Application Migration Service.

  • Amazon CloudFormation – To perform diagnostics on IAM, extension, and versioning related issues.

  • Amazon CloudWatch Logs – To validate resource policies.

  • Amazon EC2 Recycle Bin – To get metadata about Recycle Bin retention rules.

  • Amazon Elastic Disaster Recovery – To troubleshoot replication and launch problems in customer accounts.

  • Amazon FSx – To view the description of Amazon FSx snapshots.

  • Amazon Lightsail – To view metadata and configurations details for Lightsail buckets.

  • Amazon Macie – To view Macie configurations, such as classification jobs, custom data identifiers, regular expressions and findings.

  • Amazon S3 – To gather metadata and configurations for Amazon S3 buckets.

  • Amazon Storage Gateway – To view metadata about customers' automatic tape creation policies.

  • Elastic Load Balancing – To view the description of resource limits when using the Service Quotas console.

For more information, see Permission changes for AWSSupportServiceRolePolicy.

February 17, 2022

Change log published

Change log for the Amazon Web Services Support managed policies.

February 17, 2022