Using identity-based policies (IAM policies) for AWS Account Management
For a full discussion of AWS accounts and IAM users, see What Is IAM? in the IAM User Guide.
For instructions on how you can update customer managed policies, see Editing customer managed policies (console) in the IAM User Guide.
AWS Account Management actions policies
This table summarizes the permissions that grant access to your account settings. For examples of policies that use these permissions, see AWS Account Management policy examples.
Note
To grant IAM users write access to a specific account setting in the AccountGetAccountInformation permission, in addition to the
permission (or permissions) that you want to use to modify that setting.
| Permission name | Access level | Description |
|---|---|---|
|
|
List |
Grants permission to list the available Regions. |
|
|
Read |
Grants permission to retrieve the account information for an account. |
|
|
Read |
Grants permission to retrieve the alternate contacts for an account. |
|
|
Read |
Grants permission to retrieve the challenge questions for an account. |
|
|
Read |
Grants permission to retrieve the primary contact information for an account. |
|
|
Read |
Grants permission to get the opt-in status of a Region. |
|
|
Write |
Grants permission to close an account. NoteThis is a permission for the console only. No API access is available for this permission. |
|
|
Write |
Grants permission to delete the alternate contacts for an account. |
|
|
Write |
Grants permission to disable use of a Region. |
|
|
Write |
Grants permission to enable use of a Region. |
|
|
Write |
Grants permission to modify the alternate contacts for an account. |
|
|
Write |
Grants permission to modify the challenge questions for an account. NoteThis is a permission for the console only. No API access is available for this permission. |
|
|
Write |
Grants permission to update the primary contact information for an account. |
