Update access permissions for AWS Billing, Cost Management, and Account Consoles

Changes to access permissions

On January 2023, AWS announced the replacement of IAM actions for the Billing, Cost Management, and Account Consoles under the service prefix aws-portal and the purchase-orders:ViewPurchaseOrders and purchase-orders:ModifyPurchaseOrders actions with new fine-grained service specific permissions.

If your AWS account has IAM policies that use the retired actions, you may have already received a message from AWS in your root user email address of the account (the email address provided when creating the account), reminding you to update your policies for continued access to Billing, Cost Management, and Account Console, titled:

[Action required][Reminder] Update your policies for continued access to Billing, Cost Management, and Account consoles [AWS Account: <account ID>]

You may also see a similar notice in the IAM Console.

See also

For the full announcement, see the AWS blog Changes to AWS Billing, Cost Management, and Account Consoles Permissions.

Update affected policies

To update the affected policies:

1. Log in to your AWS account and access the Affected Policy console.

2. You'll see detailed step-by-step instructions with a table that lists all IAM policies that reference the retired actions.

   

   • If a policy has no CloudHealth in its name, select Copy to copy the updated policy and then select Edit to edit the policy in IAM Console.

   • If a policy has CloudHealth in its name, copy the DoiT CloudHealth JSON Policy and then select Edit to replace the existing policy with it.

3. Go back to the Affected Policy console and verify that there are no policies to be updated.