Access AWS Cost and Billing information from IAM User

Access AWS Cost and Billing information from IAM User

AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.

When you create an AWS account, you begin with one sign-in identity that has complete access to all AWS services and resources in the account. This identity is called the AWS account root user and is accessed by signing in with the email address and password that you used to create the account. It is strongly recommended that you do not use the root user for your everyday tasks. Safeguard your root user credentials and use them to perform the tasks that only the root user can perform and use an account with the right permission for day-to-day tasks.

In this article, we will see how to enable AWS Cost, Usage, and Billing information to an IAM user.

You Might think you can just attach the Billing policy to your user and you are good to go. But there is one other step if you're doing it for the first time. You need to enable Activate IAM Access to Billing Console to access the billing information. You can do this by following the steps below.

Create IAM Group

  1. Log in to your AWS Console with your root user.
  2. Go to the IAM service page.
  3. On the left side panel, click on User groups and then click on Create Group.

create-group.png

  1. Give a name to your group scroll down and click on Create group.

Note: You can attach policies while creating a group. But for the demo purpose, I'll create the group and attach it later.

Attaching IAM Policy to Group

  1. On the IAM service page and in there the User groups section you can see the created group.
  2. Click on the group name.

Which will take you to the group details page where you can see the group name and other details.

group-details.png

  1. Click on the Permission button and click on Add Permission.

  2. From the drop-down select Attach Policies.

navigate-to-permission.png

  1. You can Search billing on the filter policy search bar and attach it.

billing-policy.png

Based on the group you might want to add permission for ViewOnlyAccess or FullAccess. For this, you'll have to create a custom policy.

visual-editor-policy.png

More details you can find in here.

  1. After attaching the policy click on the Add Permission button.

Add User to Group

  1. Go to the IAM service page.
  2. On the left side panel, click on User groups and then click on Add users.

add-user.png

  1. Select the user you want to add the group to and click on Add User.

Activate IAM Access to Billing Console

  1. Go to the IAM service page.
  2. From the navigation bar, choose your account name and then choose Account.

aws-account.png

  1. Scroll down to the IAM User and Role Access to Billing Information section and click on the Edit button.

activate-iam-billing.png

  1. Enable Activate IAM Access to Billing Console and click on the Save Changes button.

Now you should be able to access the billing information from your IAM user.

billing-dashboard.png

Conclusion

In this article, we saw

  • to enable AWS Cost, Usage, and Billing information to an IAM user.
  • We also saw how to create a group and attach a policy to it.
  • How to add a user to a group.
  • How to activate IAM Access to Billing Console.

References

Did you find this article valuable?

Support TheHTTP by becoming a sponsor. Any amount is appreciated!