Use the Conformity Knowledge Base AI to help improve your Cloud Posture

Support Plan

Trend Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 1000 automated best practice checks.

Risk Level: Medium (should be achieved)
Rule ID: Support-001

Ensure that the appropriate support level is enabled for the necessary AWS accounts. For example, if an AWS account is being used to host production systems and environments, it is highly recommended that the minimum AWS Support Plan should be Business. Amazon Web Services provides the following support plans:
Basic – this plan is included in all AWS accounts and provides 24x7 access to customer service, access to AWS documentation, whitepapers and support forums.
Developer – this plan is suitable for customers that are experimenting with Amazon Web Services and provides technical support on top of basic features to help quickly and effectively get started with AWS services and resources.
Business – this support plan is mostly applicable to production workloads, developed and managed with AWS, and provides customers with fast support response times (i.e. less than 4 hours for impaired production systems and less than 1 hour for production systems that are experience downtime), guidance and best practices to implement availability, scalability, and security of production systems and environments.
Enterprise – this plan is for business-critical use of Amazon Web Services. This plan is dedicated to enterprise businesses that are running mission critical workloads on AWS and require high-touch proactive/preventive support.
The purpose of this conformity rule is to validate the support plan required for your AWS account/environment. Cloud Conformity recommends the appropriate support level based on the environment details specified within your Cloud Conformity account settings. For instance, when you register a new AWS account with Cloud Conformity you have the option to specify the type of the environment used. If the type of the environment specified is "prod" or "production" (case insensitive), then the recommended AWS support plan should be Business (minimum). This rule is only available for AWS Accounts on either a Business or Enterprise Support Plan.

This rule can help you with the following compliance standards:

  • NIST4

For further details on compliance standards supported by Conformity, see here.

This rule resolution is part of the Conformity Security & Compliance tool for AWS.

Reliability

Having access to the right level of support will help you to promote the success of your AWS solutions and maintain the ongoing operational health of your AWS infrastructure.

Note: As example, this rule assumes that the AWS environment type defined within your Cloud Conformity account settings is production, therefore the AWS support level expected should be Business.


Audit

To determine the level of support currently enabled within your AWS account, perform the following:

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to AWS Support Plans page at https://console.aws.amazon.com/support/plans/.

03 Under Support plans, check the value set to Current support plan attribute. If the Current support plan value is set to Basic or Developer, the level of support currently enabled is not suitable for the selected AWS account. To use the appropriate level of support for the AWS environment type registered with Cloud Conformity, you should upgrade your AWS account support plan to Business (recommended).

04 Repeat steps no 1 – 3 to verify the level of support for other Amazon Web Services accounts registered with Cloud Conformity.

Using AWS CLI

01 Run describe-severity-levels command (OSX/Linux/UNIX) to get the list of the severity levels that you can assign to an AWS Support case within the selected AWS account:

aws support describe-severity-levels
	--region us-east-1

02 The severity level returned by the describe-severity-levels command will map to a support level. If the current AWS account has Enterprise level support the severity levels returned will be "critical" and "urgent". If it has Business level support enabled the value returned will be "urgent". For Developer the severity levels returned will be "low" "normal" and "high". If only the Basic level support is available, the AWS Premium Support is not currently enabled and the following output (error) is returned: "An error occurred (SubscriptionRequiredException) when calling the DescribeSeverityLevels operation: AWS Premium Support Subscription is required to use this service.". The command output should return the requested information about the severity levels available for your AWS account:

{
    "severityLevels": [
        {
            "code": "low",
            "name": "Low"
        },
        {
            "code": "normal",
            "name": "Normal"
        },
        {
            "code": "high",
            "name": "High"
        }
    ]
}

If the severityLevels attribute value is not set to "urgent" (i.e. { "code": "urgent", "name": "Urgent" }), the Production level of support is not enabled, therefore the current support plan (e.g. Developer) is not suitable for the selected AWS account. To use the appropriate level of support for your AWS account, registered with Cloud Conformity, you should upgrade the existing support plan to Business (recommended).

Remediation / Resolution

To enable (or upgrade to) the appropriate level of support for your AWS account, perform the following actions:

Note 1: Managing AWS Support subscription using AWS Command Line Interface (CLI) is not currently supported. To enable or change an AWS support plan, you can use the AWS Management Console.
Note 2: An AWS Support subscription for the member account does not apply to the entire AWS organization, therefore each account must subscribe independently to the necessary support plan.

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to AWS Support Plans page at https://console.aws.amazon.com/support/plans/.

03 Under Support plans, click the Change plan button to start the upgrade process.

04 On the Change support plan page, under New plan, select the necessary AWS support plan (in this case the Business support plan), compatible with your AWS account/environment type (e.g. production). Review the selected support plan features and pricing information then click Change plan to apply the changes. The support level for your AWS account is now upgraded.

05 Repeat steps no 1 – 4 to change (upgrade) the level of support for other Amazon Web Services accounts registered with Cloud Conformity.

References

Publication date Jun 22, 2017