Select a membership account - AWS Security Incident Response User Guide

Select a membership account

A membership account is the AWS account used to configure account details, add and remove details for your incident response team, and where all active and historical security events can be created and managed. It is recommended that you align your AWS Security Incident Response membership account to the same account that you have enabled for services such as Amazon GuardDuty and AWS Security Hub.

You have two options for selecting your AWS Security Incident Response membership account using AWS Organizations. You can either create a membership in the Organizations management account or in an Organizations delegated administrator account.

Use the delegated administrator account: AWS Security Incident Response administrative tasks and case management are located in the delegated administrator account. We recommend using the same delegated administrator you've set for other AWS security and compliance services. Provide the 12-digit delegated administrator account ID and then log in to that account to proceed.

Use the currently logged in account: Selecting this option means the current account becomes the central membership account for your AWS Security Incident Response membership. Individuals within your organization will need to access the service through this account to create, access, and manage active and resolved cases.

Ensure you have sufficient permissions to administer AWS Security Incident Response.

Refer to Adding and removing IAM identity permissions for specific steps to add permissions.

Refer to AWS Security Incident Response managed policies.

To verify IAM permissions, you can follow these steps:

  • Check the IAM Policy: Review the IAM policy attached to your user, group, or role to ensure it grants the necessary permissions. To do this, open the IAM console at https://console.aws.amazon.com/iam/, select Users, choose the specific user, and on the summary page open the Permissions tab, which lists all attached policies; expand a policy row to view its details.

  • Test the Permissions: Try to perform the action you need in order to verify the permissions. For example, if you need to access a case, try to call ListCases. If you don't have the necessary permissions, you'll receive an error message.

  • Use the AWS CLI or SDK: You can use the AWS Command Line Interface (AWS CLI) or an AWS SDK in your preferred programming language to test the permissions. For example, with the AWS CLI you can run the aws sts get-caller-identity command to confirm which account and IAM identity your current credentials resolve to before testing its permissions.

  • Check the AWS CloudTrail logs: Review the CloudTrail logs to see if the actions you're trying to perform are being logged. This can help you identify any permission issues.

  • Use the IAM policy simulator: The IAM policy simulator is a tool that allows you to test IAM policies and see the effect they have on your permissions.

Note

The specific steps may vary depending on the AWS service and the actions you're trying to perform.
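The following is an added example, not code from the AWS User Guide, that combines three of the verification steps above into one readiness check: it confirms that the caller identity returned by STS belongs to the intended 12-digit membership account, runs the IAM policy simulator against a set of required actions, and optionally attempts a real ListCases call. The action names use the security-ir service prefix (the AWS CLI and boto3 service name for AWS Security Incident Response); the specific set of actions a case manager needs is an assumption and should be cross-checked against the managed policies. The sample identity and simulation results are constructed so the core functions run offline without credentials; live_check requires boto3 and valid credentials.

```python
"""Readiness check for an AWS Security Incident Response membership account.

Added example, not code from the AWS User Guide. Assumptions, labelled:
  * IAM action names use the ``security-ir`` service prefix; the set of
    required actions below is assumed, not taken from the managed policies;
  * the dict shapes mirror ``aws sts get-caller-identity`` and
    ``aws iam simulate-principal-policy`` output.
"""
import re

# Assumed minimal set of actions for case management (service prefix assumed).
REQUIRED_ACTIONS = [
    "security-ir:ListCases",
    "security-ir:GetCase",
    "security-ir:CreateCase",
]

ACCOUNT_ID_RE = re.compile(r"^\d{12}$")
ASSUMED_ROLE_RE = re.compile(r"^arn:aws:sts::(\d{12}):assumed-role/([^/]+)/[^/]+$")


def policy_source_arn(identity_arn: str) -> str:
    """Map an STS assumed-role session ARN to the IAM role ARN.

    SimulatePrincipalPolicy takes IAM user/role ARNs, not STS session ARNs, so
    arn:aws:sts::111122223333:assumed-role/IRAdmin/alice must be simulated as
    arn:aws:iam::111122223333:role/IRAdmin. IAM ARNs pass through unchanged.
    """
    m = ASSUMED_ROLE_RE.match(identity_arn)
    if m:
        return f"arn:aws:iam::{m.group(1)}:role/{m.group(2)}"
    return identity_arn


def identity_in_account(caller_identity: dict, membership_account_id: str) -> bool:
    """True when the current credentials resolve to the membership account."""
    if not ACCOUNT_ID_RE.match(membership_account_id):
        raise ValueError("membership account ID must be exactly 12 digits")
    return caller_identity.get("Account") == membership_account_id


def denied_actions(simulation: dict, required=REQUIRED_ACTIONS) -> list:
    """Required actions the policy simulation did not decide as 'allowed'.

    EvalDecision is one of allowed / explicitDeny / implicitDeny; an action
    missing from EvaluationResults is treated as denied (fail closed).
    """
    decisions = {
        r["EvalActionName"]: r["EvalDecision"]
        for r in simulation.get("EvaluationResults", [])
    }
    return [a for a in required if decisions.get(a) != "allowed"]


def readiness_report(caller_identity: dict, simulation: dict,
                     membership_account_id: str) -> dict:
    """Combine the account check and the permission check into one verdict."""
    in_account = identity_in_account(caller_identity, membership_account_id)
    denied = denied_actions(simulation)
    return {
        "identity": caller_identity.get("Arn"),
        "in_membership_account": in_account,
        "denied_actions": denied,
        "ready": in_account and not denied,
    }


# --- Constructed sample data (not real AWS output) ------------------------
SAMPLE_IDENTITY = {
    "UserId": "AROAEXAMPLEID:alice",
    "Account": "111122223333",
    "Arn": "arn:aws:sts::111122223333:assumed-role/IRAdmin/alice",
}
SAMPLE_SIMULATION = {
    "EvaluationResults": [
        {"EvalActionName": "security-ir:ListCases", "EvalDecision": "allowed"},
        {"EvalActionName": "security-ir:GetCase", "EvalDecision": "allowed"},
        {"EvalActionName": "security-ir:CreateCase", "EvalDecision": "implicitDeny"},
    ]
}


def live_check(membership_account_id: str) -> dict:
    """Run the same checks against real credentials (needs boto3 + credentials)."""
    import boto3  # imported here so the offline sample runs without it

    identity = boto3.client("sts").get_caller_identity()
    simulation = boto3.client("iam").simulate_principal_policy(
        PolicySourceArn=policy_source_arn(identity["Arn"]),
        ActionNames=REQUIRED_ACTIONS,
    )
    report = readiness_report(identity, simulation, membership_account_id)
    try:  # the "test the permissions" step: an actual ListCases call
        boto3.client("security-ir").list_cases()
        report["list_cases_ok"] = True
    except Exception as exc:  # an AccessDeniedException surfaces here
        report["list_cases_ok"] = False
        report["list_cases_error"] = str(exc)
    return report


if __name__ == "__main__":
    print(readiness_report(SAMPLE_IDENTITY, SAMPLE_SIMULATION, "111122223333"))
```

With the constructed sample the report shows the identity in the right account but CreateCase denied, so ready is False; that is the shape of result to expect when a delegated administrator has been set up but the Security Incident Response managed policy has not yet been attached to the operator's role. Because the policy simulator evaluates identity policies only, a permission boundary, SCP or resource policy can still block a call that the simulator reports as allowed, which is why the live ListCases attempt is kept as the final step.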