Using identity-based policies (IAM policies) for AWS Account Management
Important
The following AWS Identity and Access Management (IAM) actions will reach the end of standard support in July 2023: aws-portal:ModifyAccount and aws-portal:ViewAccount. See Using fine-grained AWS Billing actions to replace these actions with fine-grained actions so you have access to the AWS Billing, AWS Cost Management, and AWS accounts consoles.
If you created your AWS account or AWS Organizations Management account before March 6, 2023, the fine-grained actions will be effective starting July 2023. We recommend that you add the fine-grained actions, but do not remove your existing permissions with aws-portal or purchase-orders prefixes.
If you created your AWS account or AWS Organizations Management account on or after March 6, 2023, the fine-grained actions are effective immediately.
For a full discussion of AWS accounts and IAM users, see What Is IAM? in the IAM User Guide.
For instructions on how you can update customer managed policies, see Editing customer managed policies (console) in the IAM User Guide.
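An added example (not from the AWS documentation): a Python check that finds the statements in a policy document whose Action patterns cover the two aws-portal actions named above, so you can see which customer managed policies need the fine-grained actions added. The function names and the sample policy are constructed for illustration, and only Action elements are inspected, not NotAction.

```python
import json
import re

# The two actions this page lists as reaching end of standard support.
DEPRECATED = ("aws-portal:ModifyAccount", "aws-portal:ViewAccount")

# Constructed sample policy, for illustration only.
SAMPLE_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "aws-portal:View*", "Resource": "*"},
    {"Effect": "Deny", "Action": ["aws-portal:modifyaccount", "s3:GetObject"], "Resource": "*"},
    {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"}
  ]
}"""


def action_matches(pattern, action):
    """IAM action patterns are case-insensitive; * and ? are the only wildcards."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action, re.IGNORECASE) is not None


def find_legacy_statements(policy_json):
    """Return (statement index, Effect, pattern, deprecated action) tuples."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may appear without a list
        statements = [statements]
    hits = []
    for idx, stmt in enumerate(statements):
        patterns = stmt.get("Action", [])  # NotAction is deliberately not evaluated
        if isinstance(patterns, str):  # Action may be a string or a list
            patterns = [patterns]
        for pattern in patterns:
            for action in DEPRECATED:
                if action_matches(pattern, action):
                    hits.append((idx, stmt.get("Effect"), pattern, action))
    return hits


if __name__ == "__main__":
    for idx, effect, pattern, action in find_legacy_statements(SAMPLE_POLICY):
        print(f"Statement[{idx}] {effect}: {pattern!r} covers {action}")
```

Deny statements are reported as well as Allow statements, because an explicit deny written against an aws-portal action also needs its fine-grained counterpart to keep having the intended effect.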
AWS Account Management actions policies
This table summarizes the permissions that allow or deny IAM users access to your account settings. For examples of policies that use these permissions, see AWS Account Management policy examples.
Permission name | Description |
---|---|
| Allow or deny IAM users permission to view Account Settings |
| Allow or deny IAM users permission to modify Account Settings. To allow IAM users to modify account settings, you must allow both For an example of a policy that explicitly denies an IAM user access to the account settings console page, see Deny access to account settings, but allow full access to all other billing and usage information. |