Amazon account (not recommended)Amazon support actions IAM Access to Amazon Trusted Advisor

Manage access to Amazon Web Services Support Center

You must have permissions to access Support Center and to create a support case.

You can use one of the following options to access Support Center:

Use Amazon Identity and Access Management (IAM).
Use the email address and password associated with your Amazon account. This identity is called the Amazon account root user (not recommended).

If you have a Business, Enterprise On-Ramp, or Enterprise Support plan, you can also use the Amazon Web Services Support API to access Amazon Web Services Support and Trusted Advisor operations programmatically. For more information, see the Amazon Web Services Support API Reference.

Note

If you can't sign in to Support Center, you can use the Contact Us page instead. You can use this page to get help with billing and account issues.

Amazon account (not recommended)

You can sign in to the Amazon Web Services Management Console and access the Support Center by using your Amazon account email address and password. This identity is called the Amazon account root user. However, we strongly recommend that you don't use the root user for your everyday tasks, even the administrative ones. Instead, we recommend that you use IAM, which lets you control who can perform certain tasks in your account.

Amazon support actions

You can perform the following Amazon Web Services Support actions in the console. You can also specify these Amazon Web Services Support actions in an IAM policy to allow or deny specific actions.

Note

Denying any of the following actions in your IAM policies, might result in unintended behavior in Support Center when creating or interacting with a support case.

Action	Description
`AddAttachmentsToSet`	Grants permission to add one or more attachments to an attachment set. An attachment set is a temporary container for attachments that you add to a case or case communication. The set is available for 1 hour after it's created. The expiryTime returned in the response is when the set expires.
`AddCommunicationToCase`	Grants permission to add additional customer communication to an Amazon Web Services Support case, including a set of email addresses to copy on the communication.
`CreateCase`	Grants permission to create a case.
`DescribeAttachment`	Grants permission to retrieve an attachment on a case.
`DescribeCaseAttributes`	Grants permission to allow secondary services to read Amazon Web Services Support case attributes. *This is used internally by Amazon Web Services Support Center to get attributes tagged on your case.
`DescribeCases`	Grants permission to return a list of Amazon Web Services Support cases that matches a case ID or case IDs.
`DescribeCommunication`	Grants permission to get a single communication and attachments for a single Amazon Amazon Web Services Support case.
`DescribeCommunications`	Grants permission to return communications and attachments for one or more Amazon Web Services Support cases.
`DescribeCreateCaseOptions`	Grants permission to return a list of CreateCaseOption types along with the corresponding supported hours and language availability.
`DescribeIssueTypes`	Grants permission to return issue types for Amazon Web Services Support cases. This is used internally by Amazon Web Services Support Center to get available issue types for your account.
`DescribeServices`	Grants permission to return the current list of Amazon services and a list of service categories for each service. You then use service names and categories to create a case. Each Amazon service has its own set of categories.
`DescribeSeverityLevels`	Grants permission to return the list of severity levels that you can assign to a Amazon Web Services Support case.
`DescribeSupportedLanguages`	Grants permission to return a list of supported languages for a specified categoryCode, issueType and serviceCode.
`DescribeSupportLevel`	Grants permission to return the support level for an Amazon account identifier. This is used internally by Amazon Web Services Support Center to identify your support level.
`DescribeTrustedAdvisorCheckRefreshStatuses`	Grants permission to return the refresh status of the Amazon Trusted Advisor checks that have the specified check IDs.
`DescribeTrustedAdvisorCheckResult`	Grants permission to return the results of the Amazon Trusted Advisor check that has the specified check ID.
`DescribeTrustedAdvisorChecks`	Grants permission to return information about all available Amazon Trusted Advisor checks, including the name, ID, category, description, and metadata.
`DescribeTrustedAdvisorCheckSummaries`	Grants permission to return the results for the Amazon Trusted Advisor check summaries for the check IDs that you specified.
`GetInteraction`	Grants permission to retrieve details about a specific interaction by its unique identifier. This is used internally by Amazon Web Services Support Center to retrieve personalized recommendations.
`InitiateCallForCase`	Grants permission to initiate a call on Amazon Web Services Support Center. This is used internally by Amazon Web Services Support Center to start a call on your behalf.
`InitiateChatForCase`	Grants permission to initiate a chat on Amazon Web Services Support Center. This is used internally by Amazon Web Services Support Center to start a chat on your behalf.
`PutCaseAttributes`	Grants permission to allow secondary services to attach attributes to Amazon Web Services Support cases. This is used internally by Amazon Web Services Support Center to add operational tags to your Amazon Web Services Support cases.
`RateCaseCommunication`	Grants permission to rate a Amazon Web Services Support case communication.
`RefreshTrustedAdvisorCheck`	Grants permission to refresh the Amazon Trusted Advisor check that you specify using the check ID.
`ResolveCase`	Grants permission to resolve a Amazon Web Services Support case.
`SearchForCases`	Grants permission to return a list of Amazon Web Services Support cases that matches the given inputs. This is used internally by Amazon Web Services Support Center to find searched cases.
`StartInteraction`	Grants permission to initiate a new interaction to receive personalized troubleshooting assistance for account and technical issues. This is used internally by Amazon Web Services Support Center to initiate the troubleshooting process.

IAM

By default, IAM users can't access the Support Center. You can use IAM to create individual users or groups. Then, you attach IAM policies to these entities, so that they have permission to perform actions and access resources, such as to open Support Center cases and use the Amazon Web Services Support API.

After you create IAM users, you can give those users individual passwords and an account-specific sign-in page. They can then sign in to your and work in Amazon Web Services account the Support Center. IAM users who have Amazon Web Services Support access can see all cases that are created for the account.

For more information, see Sign in to the Amazon Web Services Management Console as an IAM user in the IAM User Guide.

The easiest way to grant permissions is to attach the Amazon managed policy AWSSupportAccess to the user, group, or role. Amazon Web Services Support allows action-level permissions to control access to specific Amazon Web Services Support operations. Amazon Web Services Support doesn't provide resource-level access, so the Resource element is always set to *. You can't allow or deny access to specific support cases.

Example : Allow access to all Amazon Web Services Support actions

The Amazon managed policy AWSSupportAccess grants an IAM user access to Amazon Web Services Support. An IAM user with this policy can access all Amazon Web Services Support operations and resources.


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["support:*"],
            "Resource": "*"
        }
    ]
}

For more information about how to attach the AWSSupportAccess policy to your entities, see Adding IAM identity permissions (console) in the IAM User Guide.

Example : Allow access to all actions except the ResolveCase action

You can also create customer managed policies in IAM to specify what actions to allow or deny. The following policy statement allows an IAM user to perform all actions in Amazon Web Services Support except resolve a case.


{
   "Version": "2012-10-17",
   "Statement": [
   {
      "Effect": "Allow",
      "Action": "support:*",
      "Resource": "*"
   },
   {
       "Effect": "Deny",
       "Action": "support:ResolveCase",
       "Resource": "*"
    }]
}

For more information about how to create a customer managed IAM policy, see Creating IAM policies (console) in the IAM User Guide.

If the user or group already has a policy, you can add the Amazon Web Services Support-specific policy statement to that policy.

Important

If you can't view cases in the Support Center, make sure that you have the required permissions. You might need to contact your IAM administrator. For more information, see Identity and access management for Amazon Web Services Support.

Access to Amazon Trusted Advisor

In the Amazon Web Services Management Console, a separate trustedadvisor IAM namespace controls access to Trusted Advisor. In the Amazon Web Services Support API, the support IAM namespace controls access to Trusted Advisor. For more information, see Manage access to Amazon Trusted Advisor.

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Amazon managed policies for Amazon Partner-Led Support

Manage access to Amazon Web Services Support Plans