AWS Billing access to IAM user

We can enable billing access to an IAM user account. The access is disabled by default on all aws accounts.

First need to Activate IAM Access¬†from the My Account > IAM user access to Billing information¬Ě, when you are logged in as root. https://console.aws.amazon.com/billing/home?#/account

If you do not do the above step, even if your IAM account is into the Admin group, you won’t have access to billing section. It will be still throwing the error as below.

You are not authorized to perform this operation.

You are currently signed in as an IAM user that does not have permissions to the requested page.

The AWS link below describes on how to setup access for an IAM user.

http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html

You can attach the below policy to the user from the Users section to provide view only access. Better still, you can use the policy generator to give you the access that you require.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1453424203000",
            "Effect": "Allow",
            "Action": [
                "aws-portal:ViewAccount",
                "aws-portal:ViewBilling",
                "aws-portal:ViewPaymentMethods",
                "aws-portal:ViewUsage"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

Leave a Reply

Your email address will not be published. Required fields are marked *