- 최신
- 최다 투표
- 가장 많은 댓글
Hello.
If you are not using AWS Organizations to manage your AWS account, you should be fine.
If your AWS account is managed by AWS Organizations, we recommend that you check whether the corresponding policy is being used in SCP just to be sure.
As stated in the document below, SCPs are not visible in the "Affected Policies tool".
Please note that the Affected Policies console only shows impacted IAM policies within the logged-in account and does not display Service control policies (SCPs) that are impacted by this change. Please use the Bulk Policy Migrator scripts to identify and update IAM policies for all accounts within the organization. You will need to log into the AWS Organizations console to view the affected Service Control Policies (SCPs). The remainder of the blog provides details on how you can transition from the existing IAM actions to fine-grained actions in the console. If you manage and maintain IAM policies in a version-controlled repository, be sure to make these same changes to your automation. In case of further questions, contact AWS support.
I now see that Access Advisor shows AWS Billing Console as an allowed service so I think it's best that I fix the policy.
The mapping ( https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/migrate-granularaccess-iam-mapping-reference.html ) shows ce: and cur: actions but I don't have those in the policy editor. Is there a reason for that?