SCP to Allow Closing and Removing AWS Accounts — Part 3
ACM.183b Trying out the new AWS billing actions in our SCP
Part of my series on Automating Cybersecurity Metrics. The Code.
In my last post, I spent far too long messing around with deprecated AWS IAM billing actions.
AWS updated billing options for IAM Policies
In this post we’re going to modify our SCP to use the updated AWS IAM payment actions.
First let’s take a look at our options.

I’m going to try to add all the actions from the documentation above to our SCP except the following:
- GetPaymentStatus
- MakePayment
Let’s say we are transferring a child account in our organization to a new owner, and the root user in the other account is updating the account with their payment method. We don’t want any more payments to occur until the transfer of ownership is complete, so the new owner will be charged for any additional expenses.
We’ll perhaps deal with the other scenarios I presented as part of this series later (like closing an unneeded account within an organization), or you can test them out on your own. I’m going to try to complete the transfer scenario in this post.
Updated SCP to use new AWS IAM Payments actions
Well, these payments actions from the list above:
Are not enough to manage the payment methods for an account: