Edit an AWS IAM Policy
AWS IAM policies can be edited any time after their creation in Kion.
You can also clone any IAM policy using the ellipsis menu next to the policy and edit the clone. The cloned policy will be new a user-managed policy.
To edit a user-managed AWS IAM policy:
- Navigate to Cloud Management > AWS IAM Policies.
- Next to the IAM policy you would like to edit, click the ellipsis menu and select Edit.
- Make any changes you like.
- Click Update IAM Policy.
If you make changes to the JSON policy, it will apply across all cloud accounts where the policy is applied via projects and OUs.
Clone an IAM Policy as a Service Control Policy
You can clone an AWS IAM policy and convert it into a service control policy. This conversion makes it easy to scale essential compliance measures from IAM policies for singular roles to service control policies that affect the whole account.
To clone an IAM policy as a service control policy:
- Navigate to Cloud Management > AWS IAM Policies.
- Next to the IAM policy you would like to convert, click the ellipsis menu and select Clone as SCP.
- (Optional) Modify the policy name, description, and JSON.
- Select at least one user or user group as the policy owner.
- Click Create Service Control Policy.