Looks like there is already such a rule ("iam-no-support-role") in the "detailed" ruleset, but:
- It doesn't work. The rule is not triggered on an account that does not have the AWSSupportAccess permission policy attached to anything -- presumably because ScoutSuite only enumerates AWS-managed permission policies when they are attached to something within the account.
- It only requires that the permission policy be attached to something, as opposed to specifically a Role as is required by CIS and ADA.
Is your feature request related to a problem? Please describe.
The App Defense Alliance Cloud Profile requires a check that an incident-management Role has been registered with AWS Support.
Describe the solution you'd like
Implement the check documented at https://github.com/appdefensealliance/ASA-WG/blob/main/Cloud%20App%20and%20Config%20Profile/Cloud%20App%20and%20Config%20Test%20Guide.md#221-ensure-a-support-role-has-been-created-to-manage-incidents-with-aws-support.
Describe alternatives you've considered
None.
Additional context
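
The following is an added example, not part of the original issue and not ScoutSuite code. It sketches the check logic the request describes, covering both gaps listed above: an account where AWSSupportAccess was never enumerated because it is attached to nothing, and an account where it is attached only to a user or group. The function name and sample accounts are hypothetical; the input is assumed to be shaped like the IAM `ListEntitiesForPolicy` response (`PolicyRoles`, `PolicyUsers`, `PolicyGroups`).

```python
# Added example: hypothetical helper and constructed sample data.
SUPPORT_POLICY_ARN = "arn:aws:iam::aws:policy/AWSSupportAccess"


def support_role_finding(attachments):
    """Return (flagged, reason) for the support-role check.

    attachments maps policy ARN -> ListEntitiesForPolicy-shaped dict for
    every policy the scanner enumerated. A missing key means the policy
    was never enumerated, i.e. it is attached to nothing.
    """
    entities = attachments.get(SUPPORT_POLICY_ARN)
    if entities is None:
        # Absence must be a finding, not a silent pass.
        return True, "AWSSupportAccess is not attached to any entity"
    roles = sorted(r["RoleName"] for r in entities.get("PolicyRoles", []))
    if roles:
        return False, "attached to role(s): " + ", ".join(roles)
    # Attached to users or groups only: still a finding, a Role is required.
    others = len(entities.get("PolicyUsers", [])) + len(
        entities.get("PolicyGroups", []))
    return True, f"attached to {others} user(s)/group(s) but no role"


# Constructed sample accounts (not real data).
SAMPLE_ACCOUNTS = {
    "unattached": {},
    "user_only": {SUPPORT_POLICY_ARN: {
        "PolicyRoles": [], "PolicyGroups": [],
        "PolicyUsers": [{"UserName": "alice"}]}},
    "with_role": {SUPPORT_POLICY_ARN: {
        "PolicyRoles": [{"RoleName": "incident-support"}],
        "PolicyGroups": [], "PolicyUsers": []}},
}


def evaluate_samples():
    """Run the check over every constructed sample account."""
    return {name: support_role_finding(data)
            for name, data in SAMPLE_ACCOUNTS.items()}


if __name__ == "__main__":
    for name, (flagged, reason) in evaluate_samples().items():
        print(f"{name}: {'FAIL' if flagged else 'PASS'} - {reason}")
```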