Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon managed policies for Amazon Web Services Support

Amazon Web Services Support has the following managed policies.

Amazon managed policy: AWSSupportServiceRolePolicy

Amazon Web Services Support uses the AWSSupportServiceRolePolicy Amazon managed policy. This managed policy is attached to the AWSServiceRoleForSupport service-linked role. The policy allows the service-linked role to complete actions on your behalf. You can't attach this policy to your IAM entities. For more information, see Service-linked role permissions for Amazon Web Services Support.

For a list of changes to the policy, see Amazon Web Services Support updates to Amazon managed policies and Permission changes for AWSSupportServiceRolePolicy.

Amazon Web Services Support updates to Amazon managed policies

View details about updates to Amazon managed policies for Amazon Web Services Support since these services began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the Document history page.

The following table describes important updates to the Amazon Web Services Support managed policies since February 17, 2022.

Amazon Web Services Support
Change Description Date

AWSSupportServiceRolePolicy – Update to an existing policy

Added 17 new permissions to the following services to perform actions that help troubleshoot customer issues related to billing, administrative, and technical support:

  • Amazon CloudWatch Network Monitor – To troubleshoot issues related to the Network Monitor service.

  • Amazon CloudWatch Logs – To debug issues related to Amazon CloudWatch Logs.

  • Amazon Managed Streaming for Apache Kafka – To debug issues related to Amazon Managed Streaming for Apache Kafka.

  • Amazon Managed Service for Prometheus – To troubleshoot issues related to Amazon Managed Service for Prometheus.

Mar 22, 2024

AWSSupportServiceRolePolicy – Update to an existing policy

Added 63 new permissions to the following services to perform actions that help troubleshoot customer issues related to billing, administrative, and technical support:

  • Amazon Clean Rooms – To troubleshoot issues related to Amazon Clean Rooms.

  • CodeConnections – To troubleshoot issues related to CodeConnections.

  • Amazon EKS – To debug issues related to Amazon EKS.

  • Image Builder – To debug issues related to Image Builder.

  • Amazon Inspector2 – To troubleshoot issues related to Amazon Inspector2.

  • Amazon Inspector Scan – To debug issues related to Amazon Inspector Scan.

  • Amazon CloudWatch Logs – To troubleshoot issues related to Amazon CloudWatch Logs.

  • Amazon Outposts – To troubleshoot issues related to Amazon Outposts.

  • Amazon RDS – To debug issues related to Amazon RDS.

  • Amazon IAM Identity Center – To troubleshoot issues related to Amazon IAM Identity Center.

  • Amazon S3 Express – To debug issues related to Amazon S3 Express.

  • Amazon Trusted Advisor – To troubleshoot issues related to Amazon Trusted Advisor.

Jan 17, 2024

AWSSupportServiceRolePolicy – Update to an existing policy

Added 126 new permissions to the following services to perform actions that help troubleshoot customer issues related to billing, administrative, and technical support:

  • Amazon Direct Connect – To troubleshoot issues related to the Amazon Direct Connect service.

  • Amazon SageMaker – To troubleshoot issues related to the Amazon SageMaker service.

  • Amazon AppStream – To debug issues related to Amazon AppStream.

  • Amazon Resource Explorer – To debug issues related to Amazon Resource Explorer.

  • Amazon Redshift serverless – To troubleshoot issues related to Amazon Redshift serverless.

  • Amazon ElastiCache – To debug issues related to Amazon ElastiCache.

  • Amazon Comprehend – To troubleshoot issues related to Amazon Comprehend.

  • Amazon EC2 – To troubleshoot issues related to Amazon EC2.

  • Amazon Elastic Kubernetes Service – To debug issues related to Amazon Elastic Kubernetes Service.

  • Amazon Elastic Disaster Recovery – To troubleshoot issues related to Amazon Elastic Disaster Recovery.

  • Amazon AppSync – To debug issues related to Amazon AppSync.

  • Amazon CloudWatch Logs – To troubleshoot issues related to Amazon CloudWatch Logs.

  • Amazon Health – To debug issues related to the Amazon Health Service.

  • Amazon Connect – To debug issues related to Amazon Connect.

  • Amazon Snowball – To troubleshoot issues related to Amazon Snowball.

  • Amazon HealthImaging – To troubleshoot issues related to Amazon HealthImaging.

Dec 6, 2023

AWSSupportServiceRolePolicy – Update to an existing policy

Added 163 new permissions to the following services to perform actions that help troubleshoot customer issues related to billing, administrative, and technical support:

  • Amazon CloudFront – To troubleshoot issues related to the CloudFront service.

  • Amazon EC2 – To troubleshoot issues related to the Amazon EC2 service.

  • Amazon AppStream – To debug issues related to Amazon AppStream.

  • Amazon WAF – To debug issues related to the Amazon Web Application Firewall.

  • Amazon Connect – To troubleshoot issues related to Amazon Connect.

  • Amazon IoT – To debug issues related to Amazon IoT.

  • Amazon Route 53 – To troubleshoot issues related to Amazon Route 53.

  • Amazon Verified Access – To troubleshoot issues related to the Amazon Verified Access service.

  • Amazon Simple Email Service – To debug issues related to Amazon Simple Email Service.

  • Amazon Elastic Beanstalk – To troubleshoot issues related to Amazon Elastic Beanstalk.

  • Amazon DynamoDB – To debug issues related to Amazon DynamoDB.

  • Amazon EC2 Image Builder – To troubleshoot issues related to Amazon EC2 Image Builder.

  • Amazon Outposts – To debug issues related to the Amazon Outposts Service.

  • Amazon Glue – To debug issues related to Amazon Glue.

  • Amazon Directory Service – To troubleshoot issues related to Amazon Directory Service.

  • Amazon Elastic Disaster Recovery – To troubleshoot issues related to Amazon Elastic Disaster Recovery.

  • Amazon Step Functions – To debug issues related to Amazon Step Functions.

  • Amazon EMR – To troubleshoot issues related to Amazon EMR.

  • Amazon Relational Database Service – To troubleshoot issues related to Amazon Relational Database Service.

  • Amazon EC2 Systems Manager – To debug issues related to Amazon EC2 Systems Manager.

Oct 27, 2023

AWSSupportServiceRolePolicy – Update to an existing policy

Added 176 new permissions to the following services to perform actions that help troubleshoot customer issues related to billing, administrative, and technical support:

  • Amazon Glue – To troubleshoot issues related to the Amazon Glue service.

  • Amazon EMR – To troubleshoot issues related to the Amazon EMR service.

  • Amazon Security Lake – To debug issues related to Amazon Security Lake.

  • Amazon Systems Manager – To debug issues related to the Systems Manager service.

  • Amazon Verified Permissions – To troubleshoot issues related to Amazon Verified Permissions.

  • Amazon IAM Access Analyzer – To debug issues related to the IAM Access Analyzer service.

  • Amazon Backup – To troubleshoot issues related to Amazon Backup.

  • Amazon Database Migration Service – To troubleshoot issues related to the DMS service.

  • Amazon DynamoDB – To debug issues related to DynamoDB.

  • Amazon Elastic Container Registry (Amazon ECR) – To troubleshoot issues related to Amazon Elastic Container Registry (Amazon ECR).

  • Amazon Elastic Container Service – To debug issues related to Amazon Elastic Container Service.

  • Amazon Elastic Kubernetes Service – To troubleshoot issues related to Amazon Elastic Kubernetes Service.

  • Amazon EMR Serverless – To debug issues related to the Amazon EMR Serverless Service.

  • Amazon Identity and Access Management – To troubleshoot issues related to Amazon Identity and Access Management.

  • Amazon Network Firewall – To troubleshoot issues related to Amazon Network Firewall.

  • Amazon HealthOmics – To debug issues related to Amazon HealthOmics.

  • Amazon QuickSight – To debug issues related to Amazon QuickSight.

  • Amazon Relational Database Service – To troubleshoot issues related to Amazon Relational Database Service.

  • Amazon Redshift – To troubleshoot issues related to Amazon Redshift.

  • Amazon Redshift Serverless – To debug issues related to Amazon Redshift Serverless.

  • Amazon SageMaker – To debug issues related to Amazon SageMaker.

Aug 28, 2023

AWSSupportServiceRolePolicy – Update to an existing policy

Added 141 new permissions to the following services to perform actions that help troubleshoot customer issues related to billing, administrative, and technical support:

  • Lambda – To troubleshoot issues related to the Lambda service.

  • Amazon Lex – To troubleshoot issues related to the Amazon Lex service.

  • Amazon Transfer – To debug issues related to the Transfer service.

  • Amazon Amplify – To debug issues related to the Amplify service.

  • Amazon EventBridge Pipes – To troubleshoot permissions and billing issues related to Pipes.

  • Amazon EventBridge – To debug issues related to Amazon EventBridge.

  • Amazon CloudWatch Logs – To troubleshoot issues related to Amazon CloudWatch Logs.

  • Amazon Systems Manager – To troubleshoot issues related to Systems Manager.

  • Amazon CloudWatch – To debug issues related to CloudWatch.

  • Amazon ElastiCache – To troubleshoot issues related to Amazon ElastiCache.

  • Amazon Athena – To debug issues related to Athena.

  • Amazon Elastic Disaster Recovery – To troubleshoot issues related to Elastic Disaster Recovery.

  • Amazon CloudWatch – To troubleshoot configurations of Amazon CloudWatch.

  • Amazon EC2 – To debug issues related to the EC2 service.

  • Amazon Certificate Manager – To troubleshoot issues related to Certificate Manager.

  • Amazon EventBridge Scheduler – To troubleshoot issues related to EventBridge Scheduler.

  • Amazon OpenSearch Service – To troubleshoot issues related to OpenSearch.

  • Amazon EventBridge Schemas – To debug issues related to EventBridge Schemas.

  • Amazon User Notifications – To troubleshoot issues related to User Notifications.

  • Amazon CloudWatch Application Insights – To troubleshoot issues related to CloudWatch Application Insights.

  • Amazon DynamoDB – To troubleshoot issues related to DynamoDB.

  • Amazon DocumentDB Elastic Clusters – To troubleshoot issues related to DocumentDB Elastic Clusters.

June 26, 2023

AWSSupportServiceRolePolicy – Update to an existing policy

Added 53 new permissions to the following services to perform actions that help troubleshoot customer issues related to billing, administrative, and technical support:

  • Auto Scaling – To troubleshoot issues related to the Auto Scaling service.

  • Amazon CloudWatch – To troubleshoot issues related to Amazon CloudWatch.

  • Amazon Compute Optimizer – To troubleshoot issues related to Compute Optimizer.

  • Amazon CloudWatch Evidently – To troubleshoot issues related to Evidently.

  • EC2 Image Builder – To troubleshoot issues related to the Image Builder service.

  • Amazon IoT TwinMaker – To troubleshoot issues related to Amazon IoT TwinMaker.

  • Amazon CloudWatch Logs – To troubleshoot issues related to Amazon CloudWatch Logs.

  • Amazon Pinpoint – To troubleshoot issues related to Amazon Pinpoint.

  • Amazon OAM Link – To debug issues related to OAM resources.

  • Amazon Outposts – To troubleshoot issues related to Amazon Outposts.

  • Amazon RDS – To debug issues related to Amazon RDS.

  • Amazon Resource Explorer – To troubleshoot issues related to Resource Explorer.

  • Amazon CloudWatch RUM – To troubleshoot configurations of RUM service resources.

  • Amazon SNS – To troubleshoot issues related to Amazon SNS.

  • Amazon CloudWatch Synthetics – To troubleshoot issues related to CloudWatch Synthetics.

May 02, 2023

AWSSupportServiceRolePolicy – Update to an existing policy

Added 52 new permissions to the following services to perform actions that help troubleshoot customer issues related to billing, administrative, and technical support:

  • Amazon Backup gateway – To troubleshoot issues related to Backup gateway.

  • Amazon S3 – To debug issues related to Amazon S3.

  • Amazon Application Migration Service – To troubleshoot issues related to Application Migration Service.

  • Amazon Clean Rooms – To debug issues related to Amazon Clean Rooms.

  • Amazon Systems Manager for SAP – To troubleshoot issues related to Amazon Systems Manager for SAP.

  • Amazon VPC Lattice – To debug issues related to Amazon VPC Lattice.

March 16, 2023

AWSSupportServiceRolePolicy – Update to an existing policy

Added 220 new permissions to the following services to perform actions that help troubleshoot customer issues related to billing, administrative, and technical support:

  • Amazon Athena – To enable Amazon Web Services Support to develop tools that can be used to help customers with their queries related to Athena.

  • Amazon Chime – To troubleshoot issues related to Amazon Chime.

  • Amazon CloudWatch Internet Monitor – To debug issues related to Internet Monitor.

  • Amazon Comprehend – To troubleshoot issues related to Amazon Comprehend.

  • Amazon Elastic Compute Cloud – To debug issues related to Transit Gateway Connect and multicast features.

  • Amazon EventBridge Pipes – To troubleshoot issues related to EventBridge Pipes.

  • Amazon Interactive Video Service – To enable Amazon Web Services Support to query Amazon IVS resources to troubleshoot customer issues.

  • Amazon FSx – To enable Amazon Web Services Support to develop tools to support importing and exporting for an Amazon FSx data repository.

  • Amazon GameLift – To troubleshoot issues related to Amazon GameLift.

  • Amazon Glue – To troubleshoot issues related to Amazon Glue Data Quality.

  • Amazon Kinesis Video Streams – To troubleshoot issues related to Kinesis Video Streams.

  • Amazon Managed Service for Prometheus – To troubleshoot issues related to Amazon Managed Service for Prometheus.

  • Amazon Managed Streaming for Apache Kafka – To troubleshoot issues related to Amazon MSK Connect.

  • Amazon Network Manager – To troubleshoot issues related to Network Manager.

  • Amazon Nimble Studio – To debug issues related to Nimble Studio.

  • Amazon Personalize – To debug issues related to Amazon Personalize.

  • Amazon Pinpoint – To troubleshoot issues related to Amazon Pinpoint.

  • Amazon HealthOmics – To troubleshoot issues related to HealthOmics.

  • Amazon Transcribe – To debug issues related to Amazon Transcribe.

January 10, 2023

AWSSupportServiceRolePolicy – Update to an existing policy

Added 47 new permissions to the following services to perform actions that help troubleshoot customer issues related to billing, administrative, and technical support:

  • Amazon Application Migration Service – To troubleshoot replication and launch issues.

  • Amazon CloudFormation hooks – To enable Amazon Web Services Support to develop automation tools that can help resolve issues.

  • Amazon Elastic Kubernetes Service – To troubleshoot issues related to Amazon EKS.

  • Amazon IoT FleetWise – To troubleshoot issues related to Amazon IoT FleetWise.

  • Amazon Mainframe Modernization – To debug issues related to Mainframe Modernization.

  • Amazon Outposts – To help Amazon Web Services Support get a list of dedicated hosts and assets.

  • Amazon Private 5G – To troubleshoot issues related to Private 5G.

  • Amazon Tiros – To debug issues related to Tiros.

October 4, 2022

AWSSupportServiceRolePolicy – Update to an existing policy

Added 46 new permissions to the following services to perform actions that help troubleshoot customer issues related to billing, administrative, and technical support:

  • Amazon Managed Streaming for Apache Kafka – To troubleshoot issues related to Amazon MSK.

  • Amazon DataSync – To troubleshoot issues related to DataSync.

  • Amazon Elastic Disaster Recovery – To troubleshoot replication and launch issues.

  • Amazon GameSparks – To troubleshoot issues related to GameSparks.

  • Amazon IoT TwinMaker – To debug issues related to Amazon IoT TwinMaker.

  • Amazon Lambda – To view the configuration of a function URL to troubleshoot issues.

  • Amazon Lookout for Equipment – To troubleshoot issues related to Lookout for Equipment.

  • Amazon Route 53 and Amazon Route 53 Resolver – To get resolver configurations so that Amazon Web Services Support can check the DNS resolution behavior of a VPC.

August 17, 2022

AWSSupportServiceRolePolicy – Update to an existing policy

Added new permissions to the following services to perform actions that help troubleshoot customer issues related to billing, administrative, and technical support:

  • Amazon CloudWatch Logs – To help troubleshoot CloudWatch Logs related issues.

  • Amazon Interactive Video Service – To help Amazon Web Services Support check existing Amazon IVS resources for support cases regarding fraud or compromised accounts.

  • Amazon Inspector – To troubleshoot Amazon Inspector related issues.

Removed permissions for services, such as Amazon WorkLink. Amazon WorkLink was deprecated on April 19, 2022.

June 23, 2022

AWSSupportServiceRolePolicy – Update to an existing policy

Added 25 new permissions to the following services to perform actions that help troubleshoot customer issues related to billing, administrative, and technical support:

  • Amazon Amplify UI Builder – To troubleshoot issues related to component and theme generation.

  • Amazon AppStream – To troubleshoot issues by retrieving resources for features that launched recently.

  • Amazon Backup – To troubleshoot issues related to backup jobs.

  • Amazon CloudFormation – To perform diagnostics on issues related to IAM, extension, and versioning.

  • Amazon Kinesis – To troubleshoot issues related to Kinesis.

  • Amazon Transfer Family – To troubleshoot issues related to Transfer Family.

April 27, 2022

AWSSupportServiceRolePolicy – Update to an existing policy

Added 54 new permissions to the following services to perform actions that help troubleshoot customer issues related to billing, administrative, and technical support:

  • Amazon Elastic Compute Cloud

    • To troubleshoot issues related to customer and Amazon-managed prefix lists.

    • To troubleshoot issues related to Amazon VPC IP Address Manager (IPAM).

  • Amazon Network Manager – To troubleshoot issues related to Network Manager.

  • Savings Plans – To get metadata about outstanding Savings Plan commitments.

  • Amazon Serverless Application Repository – To improve and support response actions as part of researching and resolving support cases.

  • Amazon WorkSpaces Web – To debug and troubleshoot issues with WorkSpaces Web services.

March 14, 2022

AWSSupportServiceRolePolicy – Update to an existing policy

Added 74 new permissions to the following services to perform actions that help troubleshoot customer issues related to billing, administrative, and technical support:

  • Amazon Application Migration Service – To support agentless replication in the Application Migration Service.

  • Amazon CloudFormation – To perform diagnostics on IAM, extension, and versioning related issues.

  • Amazon CloudWatch Logs – To validate resource policies.

  • Amazon EC2 Recycle Bin – To get metadata about Recycle Bin retention rules.

  • Amazon Elastic Disaster Recovery – To troubleshoot replication and launch problems in customer accounts.

  • Amazon FSx – To view the description of Amazon FSx snapshots.

  • Amazon Lightsail – To view metadata and configuration details for Lightsail buckets.

  • Amazon Macie – To view Macie configurations, such as classification jobs, custom data identifiers, regular expressions and findings.

  • Amazon S3 – To gather metadata and configurations for Amazon S3 buckets.

  • Amazon Storage Gateway – To view metadata about customers' automatic tape creation policies.

  • Elastic Load Balancing – To view the description of resource limits when using the Service Quotas console.

For more information, see Permission changes for AWSSupportServiceRolePolicy.

February 17, 2022

Change log published

Change log for the Amazon Web Services Support managed policies.

February 17, 2022