"Update your Policies" email - but only AWS-managed policies have the old permission!

0

We're getting the emails about "Update your policies for enhanced Billing, Cost Management, and Account consoles access" but the only policies we have that have the retired permissions are

  • AdministratorAccess - AWS managed - job function (arn:aws:iam::aws:policy/AdministratorAccess)
  • Billing - AWS managed - job function (arn:aws:iam::aws:policy/job-function/Billing)

which have

  • purchase-orders:ViewPurchaseOrders
  • purchase-orders:ModifyPurchaseOrders

I thought AWS would update any AWS-managed policies. Did they miss these, or are AdministratorAccess and Billing somehow outdated, or what? Are we going to have a problem? We are not using Organizations.

(also, without a higher-level account, is this the only way to ask?) Thanks very much

Asked 5 months ago · 220 views
3 Answers
0

Hello.

All operations are already permitted for "AdministratorAccess" in the AWS management policy, so there is no need to update it.
Also, AWS managed policies cannot be updated by us users.
AWS will update automatically.
https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html#managed-policies

An AWS managed policy is a standalone policy that's created and administered by AWS. AWS managed policies are designed to provide permissions for many common use cases. AWS managed policies make it easier for you to assign appropriate permissions to users, groups, and roles than if you had to write the policies yourself.

You can't change the permissions defined in AWS managed policies. AWS occasionally updates the permissions that are defined in an AWS managed policy. When this occurs, the update affects all principal entities (users, groups, and roles) that the policy is attached to.

I think if you check the managed policies for "AdministratorAccess" and "Billing", the old policies will probably be gone.

Expert
Answered 5 months ago
0

Hello,

I apologize for any inconvenience this has caused you. Our Accounts & Billing team would be happy to address this concern; you can create a case from our Support Center: https://go.aws/support-center. After researching, it does seem these permissions have been retired & require your action; you can find more details from our blog: https://aws.amazon.com/blogs/aws-cloud-financial-management/changes-to-aws-billing-cost-management-and-account-consoles-permissions/.

- Rick N.

AWS
Expert
Answered 5 months ago
  • Hi, thank you but our account does not allow us to enter a case. And the link you provide does not address the issue of an AWS-provided policy containing an outdated permission.

0

I still see the incorrect permissions in the AWS-managed policies:

  • arn:aws:iam::aws:policy/AdministratorAccess
  • arn:aws:iam::aws:policy/job-function/Billing

Are these not the right policies, or am I getting an outdated version somehow, or are the policies incorrect? I did try creating a new user and applying the policy and still see the permissions. We only have eight user-managed policies and none of them include any of the outdated permissions.

Answered 5 months ago
  • I never did get an answer, but AWS has stopped nagging us about it, for now
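
An added example, not part of any post above and not AWS tooling: one way to check customer managed policy documents for the two actions named in the question, counting wildcard and `NotAction` grants as well as literal mentions. The helper names and the sample policies are constructed for illustration; real documents would come from the policy versions in your own account.

```python
import json
import re

# The two action names quoted in the question above.
RETIRED_ACTIONS = (
    "purchase-orders:ViewPurchaseOrders",
    "purchase-orders:ModifyPurchaseOrders",
)

def _as_list(value):
    """IAM accepts a single string/object wherever a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _matches(pattern, action):
    """IAM action patterns: '*' is any run of characters, '?' is one; case-insensitive."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action, flags=re.IGNORECASE) is not None

def find_retired_grants(policy_document, retired=RETIRED_ACTIONS):
    """Return (statement index, pattern, retired action) per Allow statement covering it."""
    # Deny statements, conditions and permission boundaries are not evaluated.
    doc = json.loads(policy_document) if isinstance(policy_document, str) else policy_document
    hits = []
    for index, stmt in enumerate(_as_list(doc.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        excluded = _as_list(stmt.get("NotAction"))
        for action in retired:
            for pattern in _as_list(stmt.get("Action")):
                if _matches(pattern, action):
                    hits.append((index, pattern, action))
            # Allow + NotAction grants everything that is not listed.
            if excluded and not any(_matches(p, action) for p in excluded):
                hits.append((index, "NotAction", action))
    return hits

# Constructed sample documents, not copies of any real policy.
SAMPLE_POLICIES = {
    "literal": {"Statement": {"Effect": "Allow", "Action": RETIRED_ACTIONS[0], "Resource": "*"}},
    "wildcard": {"Statement": [{"Effect": "Allow", "Action": ["s3:GetObject", "purchase-orders:*"], "Resource": "*"}]},
    "not-action": {"Statement": [{"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"}]},
    "unrelated": {"Statement": [{"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"}]},
}

if __name__ == "__main__":
    for name, document in SAMPLE_POLICIES.items():
        print(name, find_retired_grants(document))
```

A policy with no literal mention of either action can still be reported here, because a wildcard pattern or an `Allow` with `NotAction` covers the action name.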
