@kennwhite
Last active January 19, 2022 03:25
Setting up AWS IAM for read-only billing (complete recipe)
Recipe for enabling billing access in AWS to a less privileged user
As *Root/Master* account owner:
1. Log into: https://console.aws.amazon.com (NOT IAM!)
2. My Account/Personal Information
3. Set security challenge questions (fav color/dog/movie, etc.)
4. My Account (Manage Your Account)
5. Scroll down the page (way down)
6. IAM User Access - Activate Now [*CLICK IT*/WAIT FOR VERIFICATION MODAL ALERT]
(if not already done)
7. Back to My Account/AWS Management Console
8. IAM
9. Create a Billing read-only Group
   Group policy (aws-portal:ViewBilling allows the user to access the Account Activity page;
   aws-portal:ViewUsage allows the user to access the Usage Reports page):

   {
     "Statement": [
       {
         "Effect": "Allow",
         "Action": "aws-portal:ViewBilling",
         "Resource": "*"
       },
       {
         "Effect": "Allow",
         "Action": "aws-portal:ViewUsage",
         "Resource": "*"
       }
     ]
   }
10. Assign an IAM user to it (set password, etc. if necessary)
11. Log out, verify billing user can:
    - Log in to the aliased (branded) AWS URL
    - Go to AWS Management Console
    - My Account/Manage Your Account/Activity
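
To confirm that the group policy from step 9 still grants only read-only billing after later edits, the check below audits a policy document offline. It is an added example, not part of the original gist; the function names and the constructed OVERBROAD_POLICY sample are assumptions for illustration.

```python
import json

# Lower-cased names of the two actions the step 9 policy grants.
READ_ONLY_BILLING = {"aws-portal:viewbilling", "aws-portal:viewusage"}

# The policy from step 9, as plain JSON.
RECIPE_POLICY = """{"Statement": [
  {"Effect": "Allow", "Action": "aws-portal:ViewBilling", "Resource": "*"},
  {"Effect": "Allow", "Action": "aws-portal:ViewUsage", "Resource": "*"}]}"""

# Constructed sample: the kind of edit that silently widens the group.
OVERBROAD_POLICY = """{"Statement": {"Effect": "Allow",
  "Action": ["aws-portal:ViewBilling", "aws-portal:*"], "Resource": "*"}}"""


def as_list(value):
    """IAM accepts either a single value or a list for Statement and Action."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_policy(policy_json):
    """Return findings; an empty list means only read-only billing is allowed."""
    findings = []
    policy = json.loads(policy_json)
    for i, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        if "NotAction" in stmt:
            findings.append(f"statement {i}: Allow with NotAction grants every unlisted action")
        for action in as_list(stmt.get("Action")):
            name = action.lower()  # IAM action names are case-insensitive
            if name in READ_ONLY_BILLING:
                continue
            if "*" in name or "?" in name:
                findings.append(f"statement {i}: wildcard action {action!r} can match more than the view actions")
            else:
                findings.append(f"statement {i}: action {action!r} is outside read-only billing")
    return findings


if __name__ == "__main__":
    for label, doc in (("recipe", RECIPE_POLICY), ("overbroad", OVERBROAD_POLICY)):
        print(label, audit_policy(doc) or "OK: read-only billing only")
```
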