Posted On: Mar 23, 2023

Today, AWS announces the release of an allow listing feature that helps you test and enable the new fine-grained IAM permissions for AWS Billing, Cost Management, and Account services.

On Jan 11, 2023, AWS announced the retirement of the existing IAM actions for AWS Billing, Cost Management, and Account consoles under the service prefix aws-portal and two actions under purchase order namespace, purchase-orders:ViewPurchaseOrders and purchase-orders:ModifyPurchaseOrders by July 6, 2023. New fine-grained IAM actions were launched to allow specific access control to services that are needed for an individual user’s role. The self-service allow listing feature enables you to switch AWS accounts within your organization between the new fine-grained IAM actions and the existing IAM actions. You can also test the new fine-grained actions in your management account or across member accounts within your organization. Based on the testing outcome, you can continue to use the new fine-grained actions or revert to the existing IAM actions (to be deprecated by July 6, 2023). With this feature, you can decide to complete the migration to new IAM actions ahead of the July 6, 2023 retirement date or extend (until July 6, 2023) the use of existing IAM actions for AWS accounts or AWS Organizations created on or after March 6, 2023. This self-service allow listing feature will also be retired on July 6, 2023.

To understand when the fine-grained actions will take effect, and how you can prepare with the allow listing feature, please visit our blog post.