How to use the affected policies tool
Note
The following Amazon Identity and Access Management (IAM) actions have reached the end of standard support:
-
aws-portal
namespace -
purchase-orders:ViewPurchaseOrders
-
purchase-orders:ModifyPurchaseOrders
If you're using Amazon Organizations, you can use the bulk policy migrator scripts or bulk policy migrator to update polices from your payer account. You can also use the old to granular action mapping reference to verify the IAM actions that need to be added.
If you have an Amazon Web Services account, or are a part of an Amazon Organizations created on or after November 16, 2023, 11:00 AM (PDT), the fine-grained actions are already in effect in your organization.
You can use the Affected policies tool in the Billing console to identify IAM policies (excluding SCPs), and reference the IAM actions affected by this migration.
This tool operates within the boundaries of the Amazon account you're signed into, and information regarding other Amazon Organizations accounts are not disclosed.
To use the Affected policies tool
Sign in to the Amazon Web Services Management Console and open the Amazon Billing console at https://console.amazonaws.cn/billing/
. -
Paste the following URL into your browser to access the Affected policies tool: https://cn-northwest-1.console.amazonaws.cn/poliden/home
. Note
You must have the
iam:GetAccountAuthorizationDetails
permission to view this page. -
Review the table that lists the IAM policies affected. Use the Deprecated IAM actions column to review specific IAM actions referenced in a policy.
-
Choose an IAM policy name you wish to edit.
-
Once you're redirected to the IAM console, update the affected IAM action with the new action. Don't remove any existing
aws-portal
orpurchase-orders
action if you have any. -
Repeat steps 3 to 5 for all listed policies.
-
Once all of the policies are resolved, access the Affected policies tool to confirm there are no policies listed.
Related resources
For more information about the new fine-grained actions, see the Mapping fine-grained IAM actions reference and Using fine-grained Billing actions.