Update access permissions for AWS Billing, Cost Management, and Account Consoles
Changes to access permissions
On January 2023, AWS announced the replacement of IAM actions for the Billing, Cost Management, and Account Consoles under the service prefix
aws-portal and the
purchase-orders:ModifyPurchaseOrders actions with new fine-grained service specific permissions.
If your AWS account has IAM policies that use the retired actions, you may have already received a message from AWS in your root user email address of the account (the email address provided when creating the account), reminding you to update your policies for continued access to Billing, Cost Management, and Account Console, titled:
[Action required][Reminder] Update your policies for continued access to Billing, Cost Management, and Account consoles [AWS Account: <account ID>]
You may also see a similar notice in the IAM Console.
For the full announcement, see the AWS blog Changes to AWS Billing, Cost Management, and Account Consoles Permissions.
Update affected policies
To update the affected policies:
Log in to your AWS account and access the Affected Policy console.
You'll see detailed step-by-step instructions with a table that lists all IAM policies that reference the retired actions.
If a policy has no
CloudHealthin its name, select Copy to copy the updated policy and then select Edit to edit the policy in IAM Console.
If a policy has
CloudHealthin its name, copy the DoiT CloudHealth JSON Policy and then select Edit to replace the existing policy with it.
Go back to the Affected Policy console and verify that there are no policies to be updated.