kennwhite/8412149
Last active January 19, 2022 03:25
Setting up AWS IAM for read-only billing (complete recipe)
Recipe for enabling billing access in AWS to a less privileged user

As *Root/Master* account owner:
1. Log into: https://console.aws.amazon.com (NOT IAM!)
2. My Account/Personal Information
3. Set security challenge questions (fav color/dog/movie, etc.)
4. My Account (Manage Your Account)
5. Scroll down the page (way down)
6. IAM User Access - Activate Now [*CLICK IT*/WAIT FOR VERIFICATION MODAL ALERT]
   (if not already done)
7. Back to My Account/AWS Management Console
8. IAM
9. Create a Billing read-only Group with the policy below. The first statement
   allows the user to access the Account Activity page, the second allows
   access to the Usage Reports page:

   {
     "Statement": [
       {
         "Effect": "Allow",
         "Action": "aws-portal:ViewBilling",
         "Resource": "*"
       },
       {
         "Effect": "Allow",
         "Action": "aws-portal:ViewUsage",
         "Resource": "*"
       }
     ]
   }

10. Assign an IAM user to it (set password, etc. if necessary)
11. Log out, verify billing user can:
    Log in to the aliased (branded) AWS URL
    Go to AWS Management Console
    My Account/Manage Your Account/Activity
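
A check to go with step 9, added here as an example and not part of the original gist: it audits a group policy document and reports any Allow that goes beyond the two read-only billing actions in the recipe. The function name `audit_billing_policy` and the `DRIFTED_POLICY` sample are constructed for illustration.

```python
import json

# Actions the recipe's group is meant to grant (taken from the policy above).
READ_ONLY_BILLING = {"aws-portal:viewbilling", "aws-portal:viewusage"}

# The recipe's policy, compacted onto fewer lines.
RECIPE_POLICY = """{"Statement": [
  {"Effect": "Allow", "Action": "aws-portal:ViewBilling", "Resource": "*"},
  {"Effect": "Allow", "Action": "aws-portal:ViewUsage", "Resource": "*"}]}"""

# Constructed counter-example: a group that drifted beyond read-only.
DRIFTED_POLICY = """{"Statement": [
  {"Effect": "Allow", "Action": ["aws-portal:ViewBilling", "aws-portal:ModifyBilling"], "Resource": "*"},
  {"Effect": "Allow", "Action": "aws-portal:*", "Resource": "*"},
  {"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"}]}"""


def _as_list(value):
    """IAM accepts either a single string or a list for Action."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def audit_billing_policy(policy_json, allowed=READ_ONLY_BILLING):
    """Return findings; an empty list means every Allow stays within `allowed`."""
    findings = []
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a lone statement object is also legal
        statements = [statements]
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # a Deny statement cannot widen access
        if "NotAction" in stmt:
            findings.append(f"statement {i}: Allow + NotAction grants all other actions")
            continue
        for action in _as_list(stmt.get("Action")):
            name = action.lower()  # IAM action names are case-insensitive
            if "*" in name or "?" in name:
                findings.append(f"statement {i}: wildcard action {action!r}")
            elif name not in allowed:
                findings.append(f"statement {i}: unexpected action {action!r}")
    return findings


if __name__ == "__main__":
    for label, policy in (("recipe", RECIPE_POLICY), ("drifted", DRIFTED_POLICY)):
        print(label, audit_billing_policy(policy) or "OK: read-only billing only")
```

Run it against the policy JSON attached to the billing group after step 9, and again whenever the group is edited.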