Services Plugins FAQs

AWS new fine-grained AWS Identity and Access Management

Plugins
#1

Hello,

I have a Zerocode plugin for my Bubble app called " “AWS” File uploader - Any size (can upgrade)"

Yesterday, I received this message (see below) from AWS and want to know if my Zerocode plugin is effected and what I must do. Thanks

Hello,

To enhance access control experience, AWS launched new fine-grained AWS Identity and Access Management (IAM) actions for AWS Billing, Cost Management, and Account services. We will be retiring the existing IAM actions that control access to the Billing, Cost Management, and Account Consoles on July 6, 2023. We recommend you update your policies [1] to include fine-grained actions before July 6, 2023 so that your users’ access does not change after the retirement of these existing actions. Since existing actions will continue to protect access to our consoles until July 6, 2023, please wait to remove existing actions from your policies until then.

These new fine-grained actions give AWS customers more control over access to these services. With these actions, you will have a single set of actions that govern console and programmatic access to AWS Billing, Cost Management, and Account services.

The existing IAM actions that currently control access to services on AWS Billing, Cost Management, and Account consoles under the aws-portal service prefix, and the purchase-orders:ViewPurchaseOrders, and purchase-orders:ModifyPurchaseOrders actions will no longer be available after July 6, 2023.

Please review our blog [1] for the existing action retirement timeline and a detailed guide on how and which policies you need to update. Please review our Billing Console [2] and Cost Management [3] user guides to learn more about the new fine-grained IAM actions.

If you have any questions or concerns, please contact AWS Support [4].

​[1] Changes to AWS Billing, Cost Management, and Account Consoles Permissions | AWS Cloud Financial Management
[2] Migrating access control for AWS Billing - AWS Billing
[3] Migrating access control for AWS Cost Management - AWS Cost Management
[4] https://support.console.aws.amazon.com/support/home?#/

Sincerely,
Amazon Web Services

Amazon Web Services, Inc. is a subsidiary of Amazon.com, Inc. Amazon.com is a registered trademark of Amazon.com, Inc. This message was produced and distributed by Amazon Web Services Inc., 410 Terry Ave. North, Seattle, WA 98109-5210

#2

Hello, @ubuntu4u2
Thanks for reaching out.

This AWS platform message tells you you need to update your policies until July 6, 2023.
All the required information could be checked in their message attached links.
They recommend you updating your policies [1] to include fine-grained actions before July 6, 2023 so that your users’ access does not change after the retirement of these existing actions. Since existing actions will continue to protect access to our consoles until July 6, 2023, please wait to remove existing actions from your policies until then.
However, it is related only to AWS Billing, Cost Management, and Account Services.

This affects not the plugin, but policies in your AWS bucket, which are used by the plugin or other products. This is not something crucial, however, please check it :pray:

Best regards,

#3

What policies in my AWS bucket, are used by the plugin?

I have to ask because you stated "This affects not the plugin, but policies in your AWS bucket, which are used by the plugin or other products. "
This to an English ear seems that indeed there may be something needing tweaking. If not changed caos! I need to ask these questions as I’m only learning this stuff and want to avoid issues month in advance. Does this make sense to you?

#4

Hello, @ubuntu4u2
Please don’t worry about that :slightly_smiling_face:

In case you used our documentation for configuring the plugin, you can find your Policies here:

This message was sent to each user on the AWS platform, so it doesn’t mean that only you need to change something.
If you use our plugin and your AWS bucket only for storing different files, you don’t need to change anything. Here you can read more about it:

AWS will be retiring AWS Identity and Access Management (IAM) actions for the Billing, Cost Management, and Account Consoles under the service prefix aws-portal and two actions under purchase order namespace, purchase-orders:ViewPurchaseOrders , and purchase-orders:ModifyPurchaseOrders . They are replacing them with new fine-grained service specific permissions that give you more control over access to Billing, Cost Management, and Account services. These new permissions will also provide a single set of IAM actions that govern access to both console and programmatic interfaces.

I hope this will be helpful for you.
Best regards,