How do I grant an IAM user access to file support cases?

2 minute read

An AWS Identity and Access Management (IAM) user on my AWS account can't file support cases.


By default, IAM users on an AWS account can't access services and functions unless the AWS account root user explicitly grants access. You can grant permission to IAM users to access the AWS Support Center by attaching a managed policy to the IAM user, group, or role.

Follow the instructions to use a managed policy as a permissions policy for an identity (AWS Management Console), and then choose the AWSSupportAccess policy.

The following example policy grants access to AWS Support but restricts the IAM user from resolving cases:

   "Version": "2012-10-17",
   "Statement": [
      "Effect": "Allow",
      "Action": "support:*",
      "Resource": "*"
       "Effect": "Deny",
       "Action": "support:ResolveCase",
       "Resource": "*"

For additional information, see Access permissions for AWS Support.

Be sure that the IAM users have permissions to view and access AWS services before contacting AWS Support. For instructions on updating an existing IAM policy, see Managing IAM policies.

Note: AWS Support is limited in what they can discuss with IAM users. However, they can speak with the AWS account root user about all the details related to an account and its resources.

Related information

Controlling access to AWS resources using policies

Policies and permissions in IAM

AWS OFFICIALUpdated 2 years ago