How to use the affected policies tool - Amazon Billing
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

How to use the affected policies tool

Note

The following Amazon Identity and Access Management (IAM) actions have reached the end of standard support:

  • aws-portal namespace

  • purchase-orders:ViewPurchaseOrders

  • purchase-orders:ModifyPurchaseOrders

If you're using Amazon Organizations, you can use the bulk policy migrator scripts or bulk policy migrator to update polices from your payer account. You can also use the old to granular action mapping reference to verify the IAM actions that need to be added.

If you have an Amazon Web Services account, or are a part of an Amazon Organizations created on or after November 16, 2023, 11:00 AM (PDT), the fine-grained actions are already in effect in your organization.

You can use the Affected policies tool in the Billing console to identify IAM policies (excluding SCPs), and reference the IAM actions affected by this migration.

This tool operates within the boundaries of the Amazon account you're signed into, and information regarding other Amazon Organizations accounts are not disclosed.

To use the Affected policies tool
  1. Sign in to the Amazon Web Services Management Console and open the Amazon Billing console at https://console.amazonaws.cn/billing/.

  2. Paste the following URL into your browser to access the Affected policies tool: https://cn-northwest-1.console.amazonaws.cn/poliden/home.

    Note

    You must have the iam:GetAccountAuthorizationDetails permission to view this page.

  3. Review the table that lists the IAM policies affected. Use the Deprecated IAM actions column to review specific IAM actions referenced in a policy.

  4. Choose an IAM policy name you wish to edit.

  5. Once you're redirected to the IAM console, update the affected IAM action with the new action. Don't remove any existing aws-portal or purchase-orders action if you have any.

  6. Repeat steps 3 to 5 for all listed policies.

  7. Once all of the policies are resolved, access the Affected policies tool to confirm there are no policies listed.

For more information about the new fine-grained actions, see the Mapping fine-grained IAM actions reference and Using fine-grained Billing actions.