Hello,
The root user is not supposed to be used as best practice. Also, some functionality of the root user is restricted sometimes, and with other services, you cannot do certain functions, like switching roles.
Here is a list of methods that you can implement:
- Verify that the IAM user has been granted access to AWS Support. By default, IAM users do not have access.
- Check the policy attached to the IAM user's identity (user or role) and make sure it includes the necessary permissions for AWS Support actions like support:CreateCase.
- Confirm the AWS account has one of the paid support plans (Business or Enterprise) as IAM users on free support plans only have limited access.
Maybe this article can help. https://repost.aws/knowledge-center/iam-support-permissions
Thank you for your answer. I hope it's OK that I'm answering with some pictures. In the first one you can see that the IAM user has the policy "AWSSupportAccess".
The second and the third picture show which read and write permissions are included in AWSSupportAccess:
In the third picture the write permission "Create Case" is active:
So the permission AWSSupportAccess is set, it includes all of its read and write permissions, and we're using the enterprise edition.
Hello,
The root user can also not access the support case, indicating an issue with the account's support plan or permissions. A few things to check:
- Verify the AWS account has an active paid support plan (Business or Enterprise) as IAM users only have access to the support center with these plans.
- Confirm the root user's permissions by checking if they are explicitly denied the support:ResolveCase or other support actions through an attached policy.
- As a test, the root user can try accessing the support center in a new AWS account to see if the issue reproduces.
- Review any service control policies (SCPs) attached to the organization to check for any explicit denies on support actions.
- Check CloudTrail logs for any support API errors that may provide more details on the permission issue.
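
The explicit-deny and CloudTrail checks suggested in the answers above, sketched as an added example that is not part of the original thread. The function names, the sample SCP, and the account ID and ARNs are constructed; `support.amazonaws.com` is assumed to be the event source CloudTrail records for AWS Support calls.

```python
import fnmatch

def _as_list(value):
    """IAM JSON accepts a single string/object wherever a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _matches(action, patterns):
    # IAM action names are case-insensitive and support * and ? wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def explicit_denies(policy, action):
    """Deny statements covering `action`. Resource/Condition are not evaluated,
    so each hit is a statement to review, not a final authorization verdict."""
    hits = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Deny":
            continue
        if "NotAction" in stmt:
            covered = not _matches(action, _as_list(stmt["NotAction"]))
        else:
            covered = _matches(action, _as_list(stmt.get("Action")))
        if covered:
            hits.append(stmt)
    return hits

def support_errors(records):
    """(principal ARN, event name, error code) for failed AWS Support calls."""
    return [(r.get("userIdentity", {}).get("arn"), r.get("eventName"), r["errorCode"])
            for r in records
            if r.get("eventSource") == "support.amazonaws.com" and r.get("errorCode")]

# Constructed sample data (not taken from the thread).
SAMPLE_SCP = {"Version": "2012-10-17", "Statement": [
    {"Sid": "DenySupportWrites", "Effect": "Deny",
     "Action": ["support:Create*", "support:ResolveCase"], "Resource": "*"},
    {"Sid": "AllowAll", "Effect": "Allow", "Action": "*", "Resource": "*"}]}
SAMPLE_TRAIL = [
    {"eventSource": "support.amazonaws.com", "eventName": "CreateCase",
     "errorCode": "AccessDenied",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-user"}},
    {"eventSource": "support.amazonaws.com", "eventName": "DescribeCases",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-user"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "errorCode": "AccessDenied", "userIdentity": {"arn": "arn:aws:iam::111122223333:root"}}]

if __name__ == "__main__":
    print([s["Sid"] for s in explicit_denies(SAMPLE_SCP, "support:CreateCase")])
    print(support_errors(SAMPLE_TRAIL))
```

Feed it the JSON of each policy or SCP exported from the account and the `Records` array of a CloudTrail log file; an attached `AWSSupportAccess` allow does not override any Deny statement it reports.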