AWS IAM: Give IAM users access to AWS Billing Details


Let’s take a scenario where we want to provide access to the Billing Information to AWS IAM User.
We need to sign in to the AWS management console using Root Account credentials.
Click on Account Name -> Go to Billing Section
72.47BAWSBIAMBAccessBtoBBilling.png

Go to IAM User Access to Billing Information section on the page and check the box “Activate IAM Access” and click on Update.

72.48%2BAWS%2BIAM%2BAccess%2Bto%2BBilling%2BActivate.png

Go to IAM Dashboard and click on the Policies link in the Left Sidebar. Click on Get Started.

72.49%2BAWS%2BIAM%2BAccess%2Bto%2BBilling%2BCreate%2BPolicy.png

Earlier, we used policies which were already created. Now we are going to create a new policy. Click on Create Policy.

72.50%2BAWS%2BIAM%2BAccess%2Bto%2BBilling%2BCreate%2BPolicy.png

We will use Policy Generator to create a New policy related to Billing Access to IAM Users.

72.51%2BAWS%2BIAM%2BAccess%2Bto%2BBilling%2BCreate%2BPolicy%2BGenerator.png

Select “Allow” in effect as we want to give permission and not block it.

Select AWS Billing as AWS Service.

Select All Actions from the box. In case we want to give only View permission then uncheck all other boxes.

72.52%2BAWS%2BIAM%2BAccess%2Bto%2BBilling%2BCreate%2BPolicy%2BGenerator%2BActions.png

Click on Add Statement button to add the Actions and Click on Next Step.

72.53%2BAWS%2BIAM%2BAccess%2Bto%2BBilling%2BCreate%2BPolicy%2BGenerator%2BAdd%2BStatement.png

Review the Policy and Click on Create Policy.

72.54%2BAWS%2BIAM%2BAccess%2Bto%2BBilling%2BCreate%2BPolicy%2BReview.png

Verify the Policy Created Successfully Message.

72.55%2BAWS%2BIAM%2BAccess%2Bto%2BBilling%2BCreate%2BPolicy%2BGenerated.png

We will use Groups for Best practice rather than assigning policies with individual users. Create a BillingAdmins Group.

72.56%2BAWS%2BIAM%2BAccess%2Bto%2BBilling%2BGroup%2BAdmin.png

Attach newly created policy for Billing with New Group.

72.57%2BAWS%2BIAM%2BAccess%2Bto%2BBilling%2BGroup%2BAdmin%2BAttach%2BPolicy.png

Verify the BillingAdmins Group on IAM Dashboard.

72.58%2BAWS%2BIAM%2BAccess%2Bto%2BBilling%2BGroup%2BReview.png

Now, before adding any IAM users, let’s verify whether Billing Information is visible to IAM Users or not. Sign in with IAM user credential and we will get access Error.

72.59%2BAWS%2BIAM%2BAccess%2Bto%2BBilling%2BGroup%2BSelect%2BGroup.png

Now Add Users, in the BillingAdmins Group and then Sign in with IAM user credential.

72.60%2BAWS%2BIAM%2BAccess%2Bto%2BBilling%2BGroup%2BNo%2Baccess.png
Bingo!!!

Leave a comment

Your email address will not be published. Required fields are marked *