AWS security-ir documentation change
Summary
Added documentation about manually creating service-linked role in management account when using delegated administrator
Security assessment
The change adds guidance for creating a required security role, which is part of secure service configuration but does not indicate a specific security vulnerability being addressed
Diff
diff --git a/security-ir/latest/userguide/select-a-membership-account.md b/security-ir/latest/userguide/select-a-membership-account.md index ea70bda92..4ac07c864 100644 --- a//security-ir/latest/userguide/select-a-membership-account.md +++ b//security-ir/latest/userguide/select-a-membership-account.md @@ -12,0 +13,21 @@ You have two options for selecting your AWS Security Incident Response membershi +###### Important + +When you use a delegated administrator account as part of setup, AWS Security Incident Response cannot automatically create the required triage service linked role in your AWS Organizations management account. + +You can use the IAM to create this role in your AWS Organizations management account + +###### To create a service-linked role (console) + + 1. Login to your AWS Organizations management account. + + 2. Access the AWS CloudShell window or access the account via CLI in your preferred method. + + 3. Use the CLI command `aws iam create-service-linked-role --aws-service-name triage.security-ir.amazonaws.com` + + 4. (Optional) To verify the command worked you can execute the command `aws iam get-role --role-name AWSServiceRoleForSecurityIncidentResponse_Triage` + + 5. Review the role and then choose **Create role**. + + + +