Can't create tickets as IAM and Root User (An error occurred when tried to process your request - You don't have the necessary IAM permissions to view that support case)

Question

Hello,

we're using Salesforce Service Cloud Voice with Amazon Connect and we're in the development phase atm. 
Inbound calls are working fine but the outbound calls only working to the standard countries/prefixes, like its told in this article for EU: https://docs.aws.amazon.com/connect/latest/adminguide/country-code-allow-list.html
But our country is Germany and we can't outbound call to Germany yet. So the article says, we have to create a ticket to AWS. 
But that's not possible, because we're getting the following error: "An error occurred when tried to process your request - You don't have the necessary IAM permissions to view that support case". We tried it with our Root-User and a brand new created IAM-User. 
Another article  said, that the IAM-User needs the policy "AWSSupportAccess", to work with tickets. https://docs.aws.amazon.com/awssupport/latest/user/accessing-support.html 
But that doesn't changed anything. We're also wondering, why it's not possible to write a ticket with the Root-User and getting the same error. 
In the past we already have used the ticket system really successfully.  
Maybe someone has a clue whats going on, would be great. Thanks in advance and with the best regards! :)

Answer

Thank you for your answer, I hope its ok, that im answering with some pictures.
In the first one you can see, that the IAM-User has the policy "AWSSupportAccess"

![IAM User](/media/postImages/original/IMdQGfrw80SzC56imKSz_SVQ)

The second and the third picture show which read and write permissions are included in AWSSupportAccess:

![AWSSupportAccess with Permissions](/media/postImages/original/IMT7mkC7MIQoSxkKeWjgw8ug)

In the third picture the write permission "Create Case" is active:

![AWSSupportAccess with Permissions 2](/media/postImages/original/IMEw9qBTHdRkCY2OijG8_cRg)

So the permission AWSSupportAccess is set, its including all read and write permissions of it and we're using the enterprise edition

Answer

Hello,

The root user is not supposed to be used as best practice. Also, some functionality of the root user is restricted sometimes, and with other services, you cannot do certain functions, like switching roles.

Here is a list of methods that you can implement:

* Verify that the IAM user has been granted access to AWS Support. By default, IAM users do not have access.
* Check the policy attached to the IAM user's identity (user or role) and make sure it includes the necessary permissions for AWS Support actions like support:CreateCase
* Confirm the AWS account has one of the paid support plans (Business or Enterprise) as IAM users on free support plans only have limited access.

Maybe this article can help.
https://repost.aws/knowledge-center/iam-support-permissions

Answer

Hello,

The root user can also not access the support case, indicating an issue with the account's support plan or permissions. A few things to check:

* Verify the AWS account has an active paid support plan (Business or Enterprise) as IAM users only have access to the support center with these plans.
 
* Confirm the root user's permissions by checking if they are explicitly denied the support:ResolveCase or other support actions through an attached policy.

* As a test, the root user can try accessing the support center in a new AWS account to see if the issue reproduces.

* Review any service control policies (SCPs) attached to the organization to check for any explicit denies on support actions.
 
* Check CloudTrail logs for any support API errors that may provide more details on the permission issue.

Can't create tickets as IAM and Root User (An error occurred when tried to process your request - You don't have the necessary IAM permissions to view that support case)

Relevant content