Testing Support Center Console API calls

To validate that your IAM policies are correctly configured for Support Center Console API operations, open the AWS Support Center Console to generate recent API calls.

To check for missing IAM permissions, complete the following steps:

Sign in to the AWS Management Console and open the CloudTrail console at https://console.aws.amazon.com/cloudtrail.
Check the AWS Region dropdown to make sure that you're in the US East (N. Virginia) Region.
In the navigation pane, choose Event history.
Filter by event source support-console.amazonaws.com.
Match the event names to the list of support-console:* operations in Adding IAM policies for the Support Center Console API operations (for example, GetAccountState).
Open the matching events and check for an additionalEventData field containing an authZHeader entry. If present, your IAM policy is missing the permission listed in that entry.
Add the specific support-console permission to your IAM policy. You can grant access to all operations using support-console:*, or select individual operations for fine-grained control. For the full list of operations, see Adding IAM policies for the Support Center Console API operations.
To verify the fix, revisit the AWS Support Center Console to generate new API calls, then repeat steps 1–6. Make sure that the new events no longer contain an additionalEventData field.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Adding IAM policies for the Support Center Console API operations

About the AWS Support API