Managing access to the Amazon Web Services Support App widget
You can attach an Amazon Identity and Access Management (IAM) policy to grant an IAM user permission to configure the Amazon Web Services Support App widget in the Amazon Support Center Console.
For more information about how to add a policy to an IAM entity, see Adding IAM identity permissions (console) in the IAM User Guide.
Note
You can also sign in as the root user in your Amazon Web Services account, but we don't recommend that you do this. For more information about root user access, see Safeguard your root user credentials and don't use them for everyday tasks in the IAM User Guide.
Example IAM policy
You can attach the following policy to an entity, such as an IAM user or group. This policy allows a user to authorize a Slack workspace and configure Slack channels in the Support Center Console.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "supportapp:GetSlackOauthParameters", "supportapp:RedeemSlackOauthCode", "supportapp:DescribeSlackChannels", "supportapp:ListSlackWorkspaceConfigurations", "supportapp:ListSlackChannelConfigurations", "supportapp:CreateSlackChannelConfiguration", "supportapp:DeleteSlackChannelConfiguration", "supportapp:DeleteSlackWorkspaceConfiguration", "supportapp:GetAccountAlias", "supportapp:PutAccountAlias", "supportapp:DeleteAccountAlias", "supportapp:UpdateSlackChannelConfiguration", "iam:ListRoles" ], "Resource": "*" } ] }
Permissions required to connect the Amazon Web Services Support App to Slack
The Amazon Web Services Support App includes permission-only actions that don't directly correspond to an API operation. These actions are indicated in the Service Authorization Reference with [permission only].
The Amazon Web Services Support App uses the following API actions to connect to Slack and then lists your public Slack channels in the Amazon Support Center Console:
-
supportapp:GetSlackOauthParameters
-
supportapp:RedeemSlackOauthCode
-
supportapp:DescribeSlackChannels
These API actions are not intended to be called by your code. Therefore, these API actions are not included in the Amazon CLI and Amazon SDKs.