Posted On: Jun 8, 2023

AWS is retiring IAM actions for AWS Billing, Cost Management, and Account consoles under aws-portal service prefix, purchase-orders:ViewPurchaseOrders, and purchase-orders:ModifyPurchaseOrders on July 6, 2023. Today, we are launching bulk migration scripts to allow customers to update policies containing the above old actions on the retirement path to include new fine-grained actions securely and quickly. Customers can execute these scripts from their management accounts and update all affected policies in their Organization to include new actions, while maintaining their current access to AWS Billing, Cost Management, and Account consoles.

These scripts enable customers to identify affected policies that use soon-to-be-retired actions across all member accounts. They generate suggestions for new fine-grained actions to replace the old ones, ensuring uninterrupted access to AWS Billing, Cost Management, and account consoles. By reviewing and accepting these suggestions, customers can efficiently migrate policies in all member accounts from the management account, saving time and effort compared to updating policies in each member account individually. Additionally, the scripts group identical policies in member accounts, enabling customers to apply the same updates across all identical policies. Lastly, you can roll back changes made during this script-based migration, providing a transparent and risk-free policy migration experience.

Starting today, the bulk policy migration scripts are available in all commercial regions, except China regions. We encourage all customers to use these scripts to update their policies quickly and securely to include new fine-grained actions.

To start updating your policies using these scripts available via GitHub, please refer to user guide.