AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.
When you create an AWS account, you begin with one sign-in identity that has complete access to all AWS services and resources in the account. This identity is called the AWS account root user and is accessed by signing in with the email address and password that you used to create the account. It is strongly recommended that you do not use the root user for your everyday tasks. Safeguard your root user credentials and use them to perform the tasks that only the root user can perform and use an account with the right permission for day-to-day tasks.
In this article, we will see how to enable AWS Cost, Usage, and Billing information to an IAM
user.
You Might think you can just attach the Billing
policy to your user and you are good to go. But there is one other step if you're doing it for the first time. You need to enable Activate IAM Access to Billing Console
to access the billing information. You can do this by following the steps below.
Create IAM Group
- Log in to your AWS Console with your
root
user. - Go to the
IAM
service page. - On the left side panel, click on
User groups
and then click onCreate Group
.
- Give a name to your group scroll down and click on
Create group
.
Note: You can attach policies while creating a group. But for the demo purpose, I'll create the group and attach it later.
Attaching IAM Policy to Group
- On the
IAM
service page and in there theUser groups
section you can see the created group. - Click on the group name.
Which will take you to the group details page where you can see the group name and other details.
Click on the
Permission
button and click onAdd Permission
.From the drop-down select
Attach Policies
.
- You can Search
billing
on the filter policy search bar and attach it.
Based on the group you might want to add permission for
ViewOnlyAccess
orFullAccess
. For this, you'll have to create a custom policy.
More details you can find in here.
- After attaching the policy click on the
Add Permission
button.
Add User to Group
- Go to the
IAM
service page. - On the left side panel, click on
User groups
and then click onAdd users
.
- Select the user you want to add the group to and click on
Add User
.
Activate IAM Access to Billing Console
- Go to the
IAM
service page. - From the navigation bar, choose your account name and then choose
Account
.
- Scroll down to the
IAM User and Role Access to Billing Information
section and click on theEdit
button.
- Enable
Activate IAM Access to Billing Console
and click on theSave Changes
button.
Now you should be able to access the billing information from your IAM user.
Conclusion
In this article, we saw
- to enable AWS Cost, Usage, and Billing information to an
IAM
user. - We also saw how to create a group and attach a policy to it.
- How to add a user to a group.
- How to activate IAM Access to Billing Console.
References
Did you find this article valuable?
Support TheHTTP by becoming a sponsor. Any amount is appreciated!