Manage access to Amazon Web Services Support Center
You must have permissions to access Support Center and to create a support case.
You can use one of the following options to access Support Center:
-
Use the email address and password associated with your Amazon account. This identity is called the Amazon account root user.
-
Use Amazon Identity and Access Management (IAM).
If you have a Business, Enterprise On-Ramp, or Enterprise Support plan, you can also use the Amazon Web Services Support API to access Amazon Web Services Support and Trusted Advisor operations programmatically. For more information, see the Amazon Web Services Support API Reference.
If you can't sign in to Support Center, you can use the Contact Us
Amazon account
You can sign in to the Amazon Web Services Management Console and access the Support Center by using your Amazon account email address and password. This identity is called the Amazon account root user. However, we strongly recommend that you don't use the root user for your everyday tasks, even the administrative ones. Instead, we recommend that you use IAM, which lets you control who can perform certain tasks in your account.
IAM
By default, IAM users can't access the Support Center. You can use IAM to create individual users or groups. Then, you attach IAM policies to these entities, so that they have permission to perform actions and access resources, such as to open Support Center cases and use the Amazon Web Services Support API.
After you create IAM users, you can give those users individual passwords and an account-specific sign-in page. They can then sign in to your Amazon account and work in the Support Center. IAM users who have Amazon Web Services Support access can see all cases that are created for the account.
For more information, see How IAM users sign in to your Amazon account in the IAM User Guide.
The easiest way to grant permissions is to attach the Amazon managed policy AWSSupportAccessResource
element is
always set to *
. You can't allow or deny access to specific support cases.
Example : Allow access to all Amazon Web Services Support actions
The Amazon managed policy AWSSupportAccess
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": ["support:*"], "Resource": "*" } ] }
For more information about how to attach the AWSSupportAccess
policy
to your entities, see Adding IAM identity permissions (console) in the
IAM User Guide.
Example : Allow access to all actions except the ResolveCase action
You can also create customer managed policies in IAM to specify what actions to allow or deny. The following policy statement allows an IAM user to perform all actions in Amazon Web Services Support except resolve a case.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "support:*", "Resource": "*" }, { "Effect": "Deny", "Action": "support:ResolveCase", "Resource": "*" }] }
For more information about how to create a customer managed IAM policy, see Creating IAM policies (console) in the IAM User Guide.
If the user or group already has a policy, you can add the Amazon Web Services Support-specific policy statement to that policy.
-
If you can't view cases in the Support Center, make sure that you have the required permissions. You might need to contact your IAM administrator. For more information, see Identity and access management for Amazon Web Services Support.
Access to Amazon Trusted Advisor
In the Amazon Web Services Management Console, a separate trustedadvisor
IAM namespace controls
access to Trusted Advisor. In the Amazon Web Services Support API, the support
IAM namespace controls
access to Trusted Advisor. For more information, see Manage access to Amazon Trusted Advisor.