# Access AWS Cost and Billing information from IAM User


AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.

When you create an AWS account, you begin with one sign-in identity that has complete access to all AWS services and resources in the account. This identity is called the AWS account **root user** and is accessed by signing in with the email address and password that you used to create the account. It is strongly recommended that you do not use the root user for your everyday tasks. Safeguard your root user credentials and use them only for the tasks that only the root user can perform. For day-to-day tasks, use an account with the right permissions.

In this article, we will see how to give an `IAM` user access to AWS Cost, Usage, and Billing information.

You might think you can just attach the `Billing` policy to your user and you are good to go. But there is one more step if you're doing it for the first time: you need to enable `Activate IAM Access to Billing Console` to access the billing information. You can do this by following the steps below.


## Create IAM Group

1. Log in to your AWS Console with your `root` user.
2. Go to the `IAM` service page.
3. On the left side panel, click on `User groups` and then click on `Create Group`.


![create-group.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1666705400185/gUP9sHq7U.png)

4. Give your group a name, scroll down, and click on `Create group`.

> Note: You can attach policies while creating a group. But for demo purposes, I'll create the group first and attach the policy later.

## Attaching IAM Policy to Group

2. On the `IAM` service page, in the `User groups` section, you can see the group you created.
3. Click on the group name.

This takes you to the group details page, where you can see the group name and other details.


![group-details.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1666704863113/LpoRiLL5D.png)

4. Click on the `Permission` button and click on `Add Permission`.

5. From the drop-down select `Attach Policies`.


![navigate-to-permission.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1666704893834/Rhe-608xV.png)

6. Search for `billing` in the policy filter search bar and attach the policy.


![billing-policy.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1666704918419/hPieeTpum.png)

> Depending on the group, you might want to grant `ViewOnlyAccess` or `FullAccess` permissions. For this, you'll have to create a custom policy.


![visual-editor-policy.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1666704941866/5c0cZ4Uz3.png)


You can find more details [here](https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_billing.html?icmpid=docs_iam_console#tutorial-billing-step2).

7. After attaching the policy, click on the `Add Permission` button.
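
A custom view-only policy is easy to widen by accident with a wildcard. The following check is an added example, not part of the original article: it scans a policy document for `Allow` grants that go beyond read-style actions. The two sample policies are constructed, and their action names and the read-verb prefix list are assumptions for illustration.

```python
import json

# Read-style verb prefixes: a heuristic assumed for this example, not an AWS rule.
READ_PREFIXES = ("get", "list", "describe", "view")

# Constructed sample: a custom view-only billing policy for the group.
# Action names are illustrative; confirm the current ones in the AWS docs.
VIEW_ONLY = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow", "Resource": "*",
  "Action": ["billing:Get*", "ce:Get*", "ce:Describe*", "budgets:ViewBudget"]}]}""")

# Constructed sample: looks similar, but wildcards grant write access too.
TOO_BROAD = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "billing:*", "Resource": "*"},
  {"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"},
  {"Effect": "Deny", "Action": "ce:Delete*", "Resource": "*"}]}""")


def as_list(value):
    """IAM accepts a single string or object where a list is expected."""
    return value if isinstance(value, list) else [value]


def beyond_read_only(policy):
    """Return the Allow grants that are not confined to read-style actions."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot grant anything
        if "NotAction" in stmt:
            # Allow + NotAction grants every action except the listed ones.
            findings.append("NotAction:" + ",".join(as_list(stmt["NotAction"])))
            continue
        for action in as_list(stmt.get("Action", [])):
            # Action names are case-insensitive; a bare "*" has no name part.
            name = action.partition(":")[2].lower()
            if not name.startswith(READ_PREFIXES):
                findings.append(action)
    return findings


if __name__ == "__main__":
    for label, doc in (("view-only", VIEW_ONLY), ("too-broad", TOO_BROAD)):
        print(label, beyond_read_only(doc) or "read-only")
```

An empty result means every allowed action pattern starts with a read verb; anything returned should be reviewed before the policy is attached to the group.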

## Add User to Group

1. Go to the `IAM` service page.
2. On the left side panel, click on `User groups` and then click on `Add users`.


![add-user.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1666704963379/05_jhjTPN.png)


3. Select the user you want to add to the group and click on `Add User`.

## Activate IAM Access to Billing Console

1. Go to the `IAM` service page.
2. From the navigation bar, choose your account name and then choose `Account`.


![aws-account.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1666705001489/wUks7LQDR.png)

3. Scroll down to the `IAM User and Role Access to Billing Information` section and click on the `Edit` button.



![activate-iam-billing.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1666705025629/xZeBnIs3y.png)


4. Enable `Activate IAM Access to Billing Console` and click on the `Save Changes` button.

Now you should be able to access the billing information from your IAM user.



![billing-dashboard.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1666705110993/dY53vmFuU.png)

## Conclusion

In this article, we saw how to:

- Give an `IAM` user access to AWS Cost, Usage, and Billing information.
- Create a group and attach a policy to it.
- Add a user to a group.
- Activate IAM Access to Billing Console.

## References

- [AWS IAM User](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html)
- [AWS IAM Policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html)
- [AWS IAM Group](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html)
- [AWS IAM Access to Billing Console](https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_billing.html?icmpid=docs_iam_console#tutorial-billing-step2)
- [Activating access to the AWS Billing console](https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/control-access-billing.html)


