Disabled AWS Enterprise Support

Risk level: Medium

Rule ID: SUPP-001

Ensure that the appropriate level of AWS Support Plan is enabled for the productions accounts and critical workloads.
 
For example, if an AWS account is hosting production systems and critical workloads, it is highly recommended that your AWS Support Plan should be Business or Enterprise.
 
Amazon Web Services provides the following support plans:

  • Basic - The plan is included for all AWS customers and includes the following:
    • 24x7 access to customer service, documentation, white papers, and support forums.
    • Access to the 7 core Trusted Advisor checks and guidance to provision your resources following best practices to increase performance and improve security.
    • A personalised view of the health of AWS services, and alerts when your resources are impacted.
  •  

  • Developer – This plan is recommended for customers that are experimenting or testing in AWS. This plan includes the following additional features on top of basic plan:
    • You get enhanced Technical Support to quickly get started with AWS services and resources. You have email access to Cloud Support Associates (Business hours** ) and can raise unlimited support cases with 1 primary contact.
    • You have access to general architectural guidance as well from AWS.
  •  

  • Business– This plan is recommended and suitable for most of the production workloads in AWS. This plan includes the following additional features on top of the Developer Support Plan:
    • Full set of Trusted Advisor Checks
    • You can raise unlimited cases with unlimited contacts
    • You will get fast support response times on your Production System Impaired/Down cases. i.e. less than 4 hours for impaired production systems and less than 1 hour for production systems that are experience downtime
    • You can raise support cases programatically via access to AWS Support API
    • You will get support and troubleshooting support for 3rd Party Softwares too.
  •  

  • Enterprise – This plan is recommended for business and/or mission critical workloads in AWS. If you are an enterprise businesses that are running mission critical workloads on AWS and require high-touch proactive/preventive support, then this plan is for you. This plan includes the following additional features on top of the Business Support Plan:
    • Faster response times for your Business-critical system. i.e. less than 15 minutes for a business critical system down.
    • Consultative review and guidance based on your applications
    • Designated Technical Account Manager (TAM) to proactively monitor your environment and assist with optimisation and coordinate access to programs and AWS experts.

You can find up-to-date information and pricing on these AWS Support Plans here.

The purpose of this nOps rule is to validate the support plan required for your AWS account/environment.

This rule can help you with the following compliance standards:

Audit

To determine the level of support currently enabled within your AWS account, perform the following:

 

Using AWS Console

1. Sign in to the AWS Management Console.
 
2. Navigate to AWS Support Plans page at https://console.aws.amazon.com/support/plans/.
 
3. Under Support plans, check the value set to Current support plan attribute.


 
If the Current support plan value is set to Basic or Developer, the level of support currently enabled is not suitable for the selected AWS account.
 
To use the appropriate level of support, you must upgrade your AWS account support plan to **Enterprise**.
 
Repeat steps no 1 – 3 to verify the level of support for other Amazon Web Services accounts.

Using AWS CLI

1. Run describe-severity-levels command (OSX/Linux/UNIX) to get the list of the severity levels that you can assign to an AWS Support case within the selected AWS account:

aws support describe-severity-levels \\
	--region us-east-1

 
2. The command output will return the current levels of severity cases that you can raise with AWS . These levels maps to the AWS Support Plan enabled on your AWS account as follows:

a. Basic ⇒ If only the Basic level support is available, the AWS Premium Support is not currently enabled and the following output (error) is returned:

"An error occurred (SubscriptionRequiredException) when calling the DescribeSeverityLevels operation: AWS Premium Support Subscription is required to use this service."

b. Developer ⇒ For Developer plan, the severity levels returned will be low, normal and high

c. Business ⇒ If it has Business level support enabled the value returned will be low, normal , high and urgent

d. Enterprise ⇒ If the current AWS account has Enterprise level support the severity levels returned will be low, normal , high , urgent and critical
 
The command output should return the requested information about the severity levels available for your AWS account:


{
    "severityLevels": [
        {
            "code": "low",
            "name": "Low"
        },
        {
            "code": "normal",
            "name": "Normal"
        },
        {
            "code": "high",
            "name": "High"
        },
        {
            "code": "urgent",
            "name": "Urgent"
        }
    ]
}

If the severityLevels attribute value is not set to critical i.e if you don;t see the following element in the list:

{ "code": "critical", "name": "Critical" }

then the Enterprise support plan is not enabled.

 

Remediation / Resolution

To enable (or upgrade to) the appropriate level of support for your AWS account, perform the following actions:

Using AWS Console

1. Sign in to the AWS Management Console using root credentials.

2. Navigate to AWS Support Plans page at https://console.aws.amazon.com/support/plans/.

3. Under Support plans, click the Change plan button to start the upgrade process.

4. On the Change support plan page, under New plan, select Enterprise Support Plan

5. Review the selected support plan features and pricing information then click Change plan to apply the changes. The support level for your AWS account is now upgraded.

6. Repeat steps no 1 – 4 to change (upgrade) the level of support for other Amazon Web Services accounts.

Using AWS CLI

Managing AWS Support subscription using AWS Command Line Interface (CLI) is not currently supported.

Still Need Help?

Come see why we are the #1 cloud management platform and why companies like Uber, Dickey’s BBQ Pit and Norwegian Cruise Line trust nOps to manage their cloud.