By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

What changes would I need to make for the AWS Console Update?

0

I have recieved an email about "Update your policies by December 11, 2023, for continued access to Billing, Cost Management, and Account consoles."

I am a one-person business and I use AWS solely as an off-site data back-up repository (which I back up to mostly through using the Powershell commands). I have no other users; and in fact while I think I set-up and IAM at the start, in practise I just sign in via the root identify anyway.

According to the Billing Management Console page, IAM user/role access to billing information is currently Deactivated anyway; so in theory I have no IAM permission that basically would need migrating. (I probably only got the email because I did set one up, I think.)

What, if anything do I actually need to do (if anything) to bring things up to date such that I can continue to use my account without interruption?

Topics
Cloud Financial Management
Tags
AWS Billing
Language
English
Aotrs Commander
asked 10 months ago1614 views
1 Answer
0

The email, which you have got has step by step process to take care of the warnings. This is required as some of the IAM actions related to Billing, Cost Management, and Account consoles are retired and new actions have been created as replacement of those older actions with enhanced features.

To ensure you have continued access to our consoles, we are granting you a final extension until December 11, 2023, to migrate your policies to new actions. To help you with the migration, we have published a mapping between old and new actions in our user guide [1]. If you need to update policies across multiple member accounts in your organization, we have built bulk policy migration scripts to help you update all policies quickly and securely from your management account. See the bulk policy migration scripts user guide [2] for more information. You can find a detailed guide on how and which policies you need to update on our blog [3] and definitions of new IAM actions in Cost Management [4] and Billing [5] user guides.  

Please update your policies before December 11, 2023, to ensure your users' access to the AWS Billing, Cost Management, and Account consoles is not affected. If you have more questions or need help making updates to your policies, please contact AWS support [6].

[1] https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/migrate-granularaccess-iam-mapping-reference.html
[2] https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/migrate-iam-permissions.html
[3] https://aws.amazon.com/blogs/aws-cloud-financial-management/changes-to-aws-billing-cost-management-and-account-consoles-permissions/
[4] https://docs.aws.amazon.com/cost-management/latest/userguide/migrate-granularaccess-whatis.html#migrate-user-permissions
[5] https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/migrate-granularaccess-whatis.html
[6] https://support.console.aws.amazon.com/support/home?#/

I understand that you may not have support plan to log a case, but if you follow the second link given above, you should be able to take care of this pretty easily as it walks you through step by step.

You can always comment here for more guidance, if you feel stuck somewhere.

profile pictureAWS
EXPERT
secondabhi_aws
answered 10 months ago
  • Aotrs Commander
    10 months ago

    I'm sorry, I am not a programmer and I only have the most basic understanding of scripting. Reading through the documentation and clicking the Affected Policies button, I see there are four: BillingFullAccess, CostExplorerPreferences, CostExplorerReports, ReservationExpirationalertsCustomer, and I can click them to see the script. I can also click the "enable fine actions" button, but it is unclear to this actually does. Do I need to do anything else? I can see how to get into and edit the policy code, but I have no idea what I need to change the code to and the examples don't help.

  • secondabhi_aws EXPERT
    10 months ago

    Allow me sometime, I'll do that in my personal account and will share the steps.

  • Aotrs Commander
    10 months ago

    Thank you, I'd greatly appreciate it. I can probably muddle through putting the coding in, I'm just very unclear as to what exactly coding I need to add. (I suspect the IAM stuff is literally just steps I followed rote when first setting up and may contain stuff I don't truly need for my very simple purposes.)

  • secondabhi_aws EXPERT
    10 months ago

    Message 1/2(Character limit):

    Hey Aorts,

    I'll assist you step by step but would prefer not to throw all steps at once as that might not be needed too. Note: The steps that I'm mentioning here are no different than what you'd have received from AWS.

    1. Sign in to the AWS Management Console and open the AWS Billing console at https://console.aws.amazon.com/billing/.

    2. Paste the following URL into your browser to access the Affected policies tool: https://us-east-1.console.aws.amazon.com/poliden/home?region=us-east-1#/.

    Note that you require iam:GetAccountAuthorizationDetails permission to view this page, if you logged in a IAM user, then add this permission to IAM policy attached to your IAM user. If you log in through IAM role, then this permission should be added to one of the policy to attached to IAM role.

    1. Review the table that lists the IAM policies impacted. Use the Deprecated IAM actions column to review specific IAM actions referenced in a policy.

    Important: If you don't see any policy here, you are good and no further actions are required. If you see some policies here then following steps would be required.

  • secondabhi_aws EXPERT
    10 months ago

    Message 2/2:

    1. Choose an IAM policy name you wish to edit.

    2. Once you're redirected to the IAM console, update the impacted IAM action with the new action. Don't remove any existing aws-portal or purchase-orders action if you have any. Mapping of existing IAM action to New IAM action is listed here at https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/migrate-granularaccess-iam-mapping-reference.html

    3. Repeat steps 3 to 5 for all listed policies.

    4. Once all of the policies are resolved, access the Affected policies tool to confirm there are no policies listed.

    Feel free to comment here, I'll assist you.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content