AWS Billing AWS fine grain IAM actions

Question

![Manage IAM Migration](/media/postImages/original/IMqBQaTe_ETCy5S61__Xju9Q)
When i'm trying to migrate Billing IAm policy. It is giving me this promt "Failed to save changes to policy .
Cannot perform the operation on the protected role 'AWSReservedSSO_data_warehouse_user_557f144c404dfcb9' - this role is only modifiable by AWS"
Does AWS Takes care of this policy or do i have to take any action on this?
i'm unable to fine that policy in my account either in roles or policies and users too.
And for all the administrator access role will AWS itself migrate the policies?

Answer

Hey Sravya,

This is an IAM Role that was created through the AWS IAM Identity Center service. It looks like you're trying to modify the inline policy on the role. This is deemed a change to the IAM Role itself, and cannot be done from the IAM console.

In order to modify the inline policy on an IAM Role that was provisioned by the IAM Identity Center (IdC) service, you will need to go to the IAM IdC administrator console, modify the [Permission Set](https://docs.aws.amazon.com/singlesignon/latest/userguide/permissionsetsconcept.html) that created the IAM Role, and then [push the change out to the account(s)](https://docs.aws.amazon.com/singlesignon/latest/userguide/permissionsets.html) that you want to see the change on. If you have an AWS Admin in your company who controls the administration of the IAM IdC service, then you will need to reach out to them to make this change, as it can only be made from the Management account of the organisation in AWS Organizations, or the delegated administration account for IAM IdC.

For clarity - the **only** IAM Roles and Policies that AWS will automatically update on your behalf are IAM Roles that are provisioned by services), and the AWS Managed IAM Policies - both of which you will be notified of in your PHD (Personal Health Dashboard) in advance of the change being made.

AWS Billing AWS fine grain IAM actions

관련 콘텐츠