SQL Server administration and T-SQL development, Web Programming with ASP.NET, HTML5 and Javascript, Windows Phone 8 app development, SAP Smartforms and ABAP Programming, Windows 7, Visual Studio and MS Office software
Development resources, articles, tutorials, code samples, tools and downloads for AWS Amazon Web Services, Redshift, AWS Lambda Functions, S3 Buckets, VPC, EC2, IAM

Enable AWS IAM Users Access to Billing Information


AWS root account user can enable AWS IAM users to access to billing information, display billing details or modify according to the permission they want to grant using access level to billing actions by creating a policy. In this Amazon Web Services AWS guide I want to show the steps how to create a policy to display billing information and attach this policy to an AWS IAM account user.

By default IAM access to billing services data is prohibited. But I believe it is important for IAM users as well to keep track of their costs using Billing Service and cost reports.


If an AWS IAM user tries to launch the Billing Service, he or she will probably face with the following "IAM Access Denied" error.

IAM Access Denied AWS Billing Service

Login to AWS Console using Root Account
Then go to Root Account's account settings

AWS root account settings

On Account Settings page, scroll-down until you see IAM User and Role Access to Billing Information

IAM User and Role Access to Billing Information

You will see that "IAM user/role access to billing information is deactivated." message which is a default setting which prevents IAM users or all other users than root user to access and display billing information of your AWS account.
To let an IAM user to display billing information, just click the Edit link button on the right.

Mark "Activate IAM Access" and press "Update" button

Activate IAM Access to AWS Billing Service

Now, you can enable an IAM user for your account to display Billing service
Go to IAM Service
Using left menu, go to Users
Select the IAM user that you want to enable to access Billing service and click on username to enter user details

AWS account IAM users

On permissions tab, click on Add inline policy

User permissions on Amazon Web Services AWS

On Create Policy screen, you will see two tabs: Visual Editor and JSON
Since Visual Editor is easier to use and guides the AWS root account user for each step, let's continue with working on Visual Editor

First select the Billing service. Click on "Choose a service"

choose AWS service to create policy for IAM user

Select Billing Service.

You will see Actions in the next step.
You can type actions that you want to enable for the IAM user, or simply mark "All Billing actions (aws-portal:*)"

all billing actions in read and write access level

If you want to select from the available actions for Billing Service, you can see following actions exist also seen in above screenshot

Requires Read access level
ViewAccount
ViewBilling
ViewPaymentMethods
ViewUsage

Requires Write access level
ModifyAccount
ModifyBilling
ModifyPaymentMethods

Or configure IAM user permission by using Access level settings.
For example, select Read Access level.
Then you can uncheck View Account and View Payment Methods for example

AWS Billing Service display actions

Click on Review Policy button

On the next screen "Create Policy" give a name to your policy in creation
For example "AWSBilling-ReadOnly"

create policy for display only access to AWS Billing service

You see we have created the policy for the selected IAM user to display AWS account Billing Service information as display only (as for features we have selected)

AWS IAM user permissions

After all permissions are granted to the AWS IAM user, he will see a dashboard similar to seen in below screenshot

AWS Billing and Cost Management Dashboard



AWS

Copyright © 2004 - 2024 Eralper YILMAZ. All rights reserved.