Let's take a scenario where we want to give an AWS IAM user access to Billing Information.
We need to sign in to the AWS Management Console using root account credentials.
Click on the account name -> go to the Billing section.
Go to the "IAM User Access to Billing Information" section on the page, check the box "Activate IAM Access" and click Update.
Go to the IAM Dashboard and click the Policies link in the left sidebar. Click Get Started.
Earlier, we used policies that were already created. Now we are going to create a new policy. Click Create Policy.
We will use the Policy Generator to create a new policy that gives IAM users billing access.
Select "Allow" as the Effect, since we want to grant permission and not block it.
Select AWS Billing as AWS Service.
Select All Actions from the box. If we want to give only View permission, uncheck all the other boxes.
Click the Add Statement button to add the actions, then click Next Step.
Review the policy and click Create Policy.
Verify the "Policy Created Successfully" message.
As a best practice, we will use groups rather than attaching policies to individual users. Create a BillingAdmins group.
Attach the newly created billing policy to the new group.
Verify the BillingAdmins group on the IAM Dashboard.
Now, before adding any IAM users, let's verify whether Billing Information is visible to IAM users. Sign in with IAM user credentials and we will get an access error.
Now add users to the BillingAdmins group and then sign in with IAM user credentials.
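
The choice between "All Actions" and View-only in the Policy Generator step decides whether BillingAdmins members can change billing settings or only read them. The following check is an added example, not part of the original walkthrough: it inspects a policy document and reports the statements that grant billing write access. It assumes the legacy `aws-portal:` action names for the AWS Billing service, and both sample policies are constructed.

```python
import re

# Assumption: legacy "aws-portal" action names for the AWS Billing service;
# adjust this list to the action names your policies actually use.
WRITE_ACTIONS = ["aws-portal:ModifyAccount", "aws-portal:ModifyBilling",
                 "aws-portal:ModifyPaymentMethods"]

def as_list(value):
    """IAM accepts a single item or a list for Statement, Action and NotAction."""
    return value if isinstance(value, list) else [value]

def iam_match(pattern, action):
    """IAM action matching: case-insensitive, '*' = any run, '?' = one character."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, action, re.IGNORECASE) is not None

def billing_write_findings(policy):
    """Return (statement id, write actions granted) for every Allow statement
    that lets a group member change billing data rather than only view it."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            # Allow + NotAction grants everything that is NOT listed.
            excluded = as_list(stmt["NotAction"])
            granted = [w for w in WRITE_ACTIONS
                       if not any(iam_match(p, w) for p in excluded)]
        else:
            patterns = as_list(stmt.get("Action", []))
            granted = [w for w in WRITE_ACTIONS
                       if any(iam_match(p, w) for p in patterns)]
        if granted:
            findings.append((stmt.get("Sid", f"Statement[{i}]"), granted))
    return findings

# Constructed sample policies (not taken from the page).
ALL_ACTIONS = {"Version": "2012-10-17", "Statement": [
    {"Sid": "BillingAll", "Effect": "Allow", "Action": "aws-portal:*", "Resource": "*"}]}
VIEW_ONLY = {"Version": "2012-10-17", "Statement": {
    "Sid": "BillingView", "Effect": "Allow",
    "Action": ["aws-portal:ViewBilling", "aws-portal:ViewUsage"], "Resource": "*"}}

if __name__ == "__main__":
    for name, doc in (("ALL_ACTIONS", ALL_ACTIONS), ("VIEW_ONLY", VIEW_ONLY)):
        print(name, billing_write_findings(doc) or "view-only")
```

Run it against the JSON shown on the Review Policy screen before attaching the policy to the BillingAdmins group.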