Amazon managed policies for Amazon Partner-Led Support

An Amazon managed policy is a standalone policy that is created and administered by Amazon. Amazon managed policies are designed to provide permissions for many common use cases so that you can start assigning permissions to users, groups, and roles.

Keep in mind that Amazon managed policies might not grant least-privilege permissions for your specific use cases because they're available for all Amazon customers to use. We recommend that you reduce permissions further by defining customer managed policies that are specific to your use cases.

You cannot change the permissions defined in Amazon managed policies. If Amazon updates the permissions defined in an Amazon managed policy, the update affects all principal identities (users, groups, and roles) that the policy is attached to. Amazon is most likely to update an Amazon managed policy when a new Amazon Web Services service is launched or new API operations become available for existing services.

For more information, see Amazon managed policies in the IAM User Guide.

Amazon managed policy: AWSPartnerLedSupportReadOnlyAccess

You can attach AWSPartnerLedSupportReadOnlyAccess to your users, groups, and roles.

This policy can be used to grant read-only access to APIs that can read service metadata for services in your Amazon account. You can use this policy to provide your partners in the Amazon Partner-Led Support Program with access to the services specified in the permissions details section below.

Permissions details

This policy includes the following permissions.

  • acm – Allow principals to troubleshoot technical support cases related to Amazon Certificate Manager.

  • acm-pca – Allow principals to troubleshoot technical support cases related to Amazon Private Certificate Authority.

  • apigateway – Allow principals to troubleshoot technical support cases related to Amazon API Gateway.

  • athena – Allow principals to troubleshoot technical support cases related to Amazon Athena.

  • backup – Allow principals to troubleshoot technical support cases related to Amazon Backup.

  • backup-gateway – Allow principals to troubleshoot technical support cases related to Amazon Backup Gateway.

  • cloudformation – Allow principals to troubleshoot technical support cases related to Amazon CloudFormation.

  • cloudfront – Allow principals to troubleshoot technical support cases related to Amazon CloudFront.

  • cloudtrail – Allow principals to troubleshoot technical support cases related to Amazon CloudTrail.

  • cloudwatch – Allow principals to troubleshoot technical support cases related to Amazon CloudWatch.

  • codepipeline – Allow principals to troubleshoot technical support cases related to Amazon CodePipeline.

  • cognito-identity – Allow principals to troubleshoot technical support cases related to Amazon Cognito Identity.

  • cognito-idp – Allow principals to troubleshoot technical support cases related to Amazon Cognito user pools.

  • cognito-sync – Allow principals to troubleshoot technical support cases related to Amazon Cognito Sync.

  • connect – Allow principals to troubleshoot technical support cases related to Amazon Connect.

  • directconnect – Allow principals to troubleshoot technical support cases related to Amazon Direct Connect.

  • dms – Allow principals to troubleshoot technical support cases related to Amazon Database Migration Service.

  • ds – Allow principals to troubleshoot technical support cases related to Amazon Directory Service.

  • ec2 – Allow principals to troubleshoot technical support cases related to Amazon Elastic Compute Cloud. This includes technical support categories in EC2 (Windows and Linux), Virtual Private Cloud (VPC) and VPC.

  • ecs – Allow principals to troubleshoot technical support cases related to Amazon Elastic Container Service.

  • eks – Allow principals to troubleshoot technical support cases related to Amazon Elastic Kubernetes Service.

  • elasticache – Allow principals to troubleshoot technical support cases related to Amazon ElastiCache.

  • elasticbeanstalk – Allow principals to troubleshoot technical support cases related to Amazon Elastic Beanstalk.

  • elasticfilesystem – Allow principals to troubleshoot technical support cases related to Amazon Elastic File System.

  • elasticloadbalancing – Allow principals to troubleshoot technical support cases related to Elastic Load Balancing.

  • emr-containers – Allow principals to troubleshoot technical support cases related to Amazon EMR on EKS.

  • emr-serverless – Allow principals to troubleshoot technical support cases related to Amazon EMR Serverless.

  • es – Allow principals to troubleshoot technical support cases related to Amazon OpenSearch Service. This includes technical support categories such as OpenSearch Service Managed Cluster.

  • events – Allow principals to troubleshoot technical support cases related to Amazon EventBridge.

  • fsx – Allow principals to troubleshoot technical support cases related to Amazon FSx. This includes technical support categories such as FSX for Windows File Server.

  • glue – Allow principals to troubleshoot technical support cases related to Amazon Glue.

  • guardduty – Allow principals to troubleshoot technical support cases related to Amazon GuardDuty.

  • iam – Allow principals to troubleshoot technical support cases related to Amazon Identity and Access Management.

  • kafka – Allow principals to troubleshoot technical support cases related to Amazon Managed Streaming for Apache Kafka.

  • kafkaconnect – Allow principals to troubleshoot technical support cases related to Amazon Managed Streaming for Apache Kafka Connect.

  • lambda – Allow principals to troubleshoot technical support cases related to Amazon Lambda.

  • logs – Allow principals to troubleshoot technical support cases related to Amazon CloudWatch Logs.

  • medialive – Allow principals to troubleshoot technical support cases related to AWS Elemental MediaLive.

  • mobiletargeting – Allow principals to troubleshoot technical support cases related to Amazon Pinpoint.

  • pipes – Allow principals to troubleshoot technical support cases related to Amazon EventBridge Pipes.

  • polly – Allow principals to troubleshoot technical support cases related to Amazon Polly.

  • quicksight – Allow principals to troubleshoot technical support cases related to Amazon QuickSight.

  • rds – Allow principals to troubleshoot technical support cases related to Amazon Relational Database Service. This includes technical support categories such as: Relational Database Service (Aurora - MySQL-Compat), Relational Database Service (Aurora - PostgreSQL-c), Relational Database Service (PostgreSQL), Relational Database Service (SQL Server), Relational Database Service (MySQL) and Relational Database Service (Oracle).

  • redshift – Allow principals to troubleshoot technical support cases related to Amazon Redshift.

  • redshift-data – Allow principals to troubleshoot technical support cases related to Amazon Redshift Data API.

  • redshift-serverless – Allow principals to troubleshoot technical support cases related to Amazon Redshift Serverless.

  • route53 – Allow principals to troubleshoot technical support cases related to Amazon Route 53.

  • route53domains – Allow principals to troubleshoot technical support cases related to Amazon Route 53 Domains.

  • route53-recovery-cluster – Allow principals to troubleshoot technical support cases related to Amazon Route 53 Recovery Cluster.

  • route53-recovery-control-config – Allow principals to troubleshoot technical support cases related to Amazon Route 53 Recovery Controls.

  • route53-recovery-readiness – Allow principals to troubleshoot technical support cases related to Amazon Route 53 Recovery Readiness.

  • route53resolver – Allow principals to troubleshoot technical support cases related to Amazon Route 53 Resolver.

  • s3 – Allow principals to troubleshoot technical support cases related to Amazon Simple Storage Service.

  • s3express – Allow principals to troubleshoot technical support cases related to Amazon S3 Express.

  • sagemaker – Allow principals to troubleshoot technical support cases related to Amazon SageMaker AI.

  • scheduler – Allow principals to troubleshoot technical support cases related to Amazon EventBridge Scheduler.

  • servicequotas – Allow principals to troubleshoot technical support cases related to Service Quotas.

  • ses – Allow principals to troubleshoot technical support cases related to Amazon Simple Email Service.

  • sns – Allow principals to troubleshoot technical support cases related to Amazon Simple Notification Service.

  • ssm – Allow principals to troubleshoot technical support cases related to Amazon Systems Manager.

  • ssm-contacts – Allow principals to troubleshoot technical support cases related to Amazon Systems Manager Incident Manager Contacts.

  • ssm-incidents – Allow principals to troubleshoot technical support cases related to Amazon Systems Manager Incident Manager.

  • ssm-sap – Allow principals to troubleshoot technical support cases related to Amazon Systems Manager for SAP.

  • swf – Allow principals to troubleshoot technical support cases related to Amazon Simple Workflow Service.

  • vpc-lattice – Allow principals to troubleshoot technical support cases related to Amazon VPC Lattice. This includes technical support categories such as VPC - Transit Gateway.

  • waf – Allow principals to troubleshoot technical support cases related to Amazon WAF.

  • waf-regional – Allow principals to troubleshoot technical support cases related to Amazon WAF Regional.

  • wafv2 – Allow principals to troubleshoot technical support cases related to Amazon WAF V2.

  • workspaces – Allow principals to troubleshoot technical support cases related to Amazon WorkSpaces. This includes technical support categories such as Workspaces (Windows).

  • workspaces-web – Allow principals to troubleshoot technical support cases related to Amazon WorkSpaces Secure Browser. This includes technical support categories such as Workspaces (Windows).

To view the permissions for this policy, see AWSPartnerLedSupportReadOnlyAccess in the Amazon Managed Policy Reference.
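
The recommendation above to reduce permissions with a customer managed policy can be applied by copying the managed policy document and keeping only the service prefixes your partner needs. The following is an added example, not part of the original documentation or of any Amazon tooling; `scope_policy` is a hypothetical helper, and the sample document is constructed for illustration and is not the real content of AWSPartnerLedSupportReadOnlyAccess.

```python
import json

# Constructed sample for illustration. This is NOT the real content of
# AWSPartnerLedSupportReadOnlyAccess; the actual document is in the
# Managed Policy Reference.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "Certs", "Effect": "Allow", "Resource": "*",
         "Action": ["acm:DescribeCertificate", "acm-pca:ListCertificateAuthorities"]},
        {"Sid": "Compute", "Effect": "Allow", "Resource": "*",
         "Action": ["ec2:DescribeInstances", "ecs:ListClusters", "lambda:GetFunction"]},
        {"Sid": "Storage", "Effect": "Allow", "Resource": "*",
         "Action": "s3:GetBucketPolicy"},
    ],
}


def scope_policy(policy, keep_prefixes):
    """Copy `policy`, keeping only Allow actions whose service prefix is in keep_prefixes."""
    keep = {p.lower() for p in keep_prefixes}
    statements = policy["Statement"]
    if isinstance(statements, dict):  # IAM accepts a single statement object
        statements = [statements]
    scoped = []
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            scoped.append(dict(stmt))  # a Deny only narrows access, keep it
            continue
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the list; filtering cannot narrow it.
            raise ValueError(f"statement {stmt.get('Sid')!r} uses NotAction")
        actions = stmt["Action"]
        actions = [actions] if isinstance(actions, str) else actions
        kept = []
        for action in actions:
            prefix, sep, _ = action.partition(":")
            if not sep:  # a bare "*" has no service prefix to check
                raise ValueError(f"unscoped action {action!r}")
            # Exact match on the prefix: "acm" must not pull in "acm-pca",
            # nor "ssm" pull in "ssm-sap".
            if prefix.lower() in keep:
                kept.append(action)
        if kept:
            scoped.append({**stmt, "Action": kept})
    if not any(s.get("Effect") == "Allow" for s in scoped):
        raise ValueError("no Allow statement left; check the prefixes")
    return {"Version": policy.get("Version", "2012-10-17"), "Statement": scoped}


if __name__ == "__main__":
    print(json.dumps(scope_policy(SAMPLE_POLICY, {"acm", "ec2"}), indent=2))
```

Because the result is a customer managed policy, later updates that Amazon makes to the managed policy do not reach it; rerun the scoping against the new document when the managed policy changes.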

Amazon Partner-Led Support updates to Amazon managed policies

View details about updates to Amazon managed policies for Amazon Partner-Led Support since this service began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the Amazon Partner-Led Support Document history page.

| Change | Description | Date |
|---|---|---|
| AWSPartnerLedSupportReadOnlyAccess – New policy | Added a new Amazon managed policy that contains permissions that can read service metadata for services in your Amazon account. | November 22, 2024 |
| Amazon Partner-Led Support started tracking changes | Amazon Partner-Led Support started tracking changes for its Amazon managed policies. | November 22, 2024 |