1回答
- 新しい順
- 投票が多い順
- コメントが多い順
2
I've tried it and figured out that attaching IAM policy arn:aws:iam::aws:policy/AWSSupportAccess
to IAM user is not enough. I've attached it to one group and one IAM role, reevaluated the AWS Config rule, and it became Compliant
関連するコンテンツ
- AWS公式更新しました 2年前
- AWS公式更新しました 2年前
- AWS公式更新しました 3年前
- AWS公式更新しました 10ヶ月前
Thank you for answer. But I didn't understand it properly. To all user groups and roles in iam Do I need to attach the arn:aws:iam::aws:policy/AWSSupportAccess policy? The way I did it IAM policy - Check the AWSSupportAccess checkbox - Actions - Connect - Check everything that appears in the IAM entity - Attach policy This will attach the AWSSupportAccess policy to all IAM ROLEs and user groups. Of course, it is only added to the ROLE I created, not the ROLE created by AWS. If you then re-evaluate your AWS CONFIG, it will be marked as non-compliant.
You don't need to add AWSSupportAccess policy to ALL IAM users and group 1 user and 1 group is enough