Menu
AWS Identity and Access Management
User Guide

Actions, Resources, and Condition Keys for AWS Support

AWS Support (service prefix: support) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.

References:

Actions Defined by AWS Support

You can specify the following actions in the Action element of an IAM policy statement. By using policies, you define the permissions for anyone performing an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions. For details about the columns in the following table, see The Actions Table.

AWS Support does not let you allow or deny access to individual actions; therefore your policy must use the "Action": "support:*" to use the AWS Support Center or to use the AWS Support API. In addition, when you use the AWS Support API to call Trusted Advisor-related actions (such as DescribeTrustedAdvisorChecks), none of the trustedadvisor actions restrict your access. The trustedadvisor actions apply only to Trusted Advisor in the AWS Management Console.

Actions Description Access Level Resource Types (*required) Condition Keys Dependent Actions
AddAttachmentsToSet Adds one or more attachments to an attachment set. If an attachmentSetId is not specified, a new attachment set is created. Write
AddCommunicationToCase Adds additional customer communication to an AWS Support case. Write
CreateCase Creates a new case in the AWS Support Center. Write
DescribeAttachment Returns a description of an attachment. Read
DescribeCases Returns a list of cases that matches the given inputs List
DescribeCommunications Returns the communications (and attachments) for one or more support cases Read
DescribeServices Returns the current list of AWS services and a list of service categories that applies to each one. Read
DescribeSeverityLevels Returns the list of severity levels that can be assigned to an AWS Support case. List
DescribeTrustedAdvisorCheckRefreshStatuses Returns the refresh status of the Trusted Advisor checks that have the specified check identifiers. Read
DescribeTrustedAdvisorCheckResult Returns the results of the Trusted Advisor check that has the specified check identifier. Read
DescribeTrustedAdvisorCheckSummaries Returns the summaries of the results of the Trusted Advisor checks that have the specified check identifiers. Read
DescribeTrustedAdvisorChecks Returns information about all available Trusted Advisor checks, including name, ID, category, description, and metadata. Read
RefreshTrustedAdvisorCheck Requests a refresh of the Trusted Advisor check that has the specified check ID. Write
ResolveCase Resolves a case. Write

Resources Defined by Support

AWS Support has no service-defined resources that can be used as the Resource element of an IAM policy statement.

Condition Keys for AWS Support

Support has no service-specific context keys that can be used in the Condition element of policy statements. For the list of the global context keys that are available to all services, see Available Keys for Conditions in the IAM Policy Reference.