AWS root users can delegate access to specific IAM users who need to read or change AWS Billing and Cost Management data for an AWS account.
To do this you need to perform two steps:
- Activate IAM access for billing information
- Create an IAM policy and attach it to a user or a group
Step 1: Activate IAM access for billing information
- Sign in to the AWS console with your root/administrator user.
- Go to My Account
- Next to IAM User and Role Access to Billing Information, choose Edit.
- Enable the Activate IAM Access check box and click on Update
Step 2: Create an IAM policy and attach it to a user or a group
- Open the IAM console
- In the left menu choose Policies, and then Create policy
- In the Visual editor, select the service “Billing”, and then in the Action section choose the Access Level you want to give to the user (All billing actions, Read or Write)
- Go to the next step. On the Review page, type the name of your new policy (e.g. BillingViewAccess) and save it
- Go back to the Policies section and you should see the new policy in the list. Select the checkbox next to the policy name, choose Actions (on the top right), and then choose Attach.
- Now you can see all your users, roles and groups. Select the entity you want to attach the policy to and click on “Attach policy”
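Before attaching a policy that is meant to give Read access only, it helps to confirm that its JSON does not also allow Write-level billing actions. The following check is an added example, not part of the original page or of any AWS tool. It assumes billing actions use the "billing" prefix (legacy "aws-portal"), treats read-level actions as those starting with Get, List, View or Describe (a heuristic), and runs on two constructed sample policies.

```python
import json

# Assumptions: billing actions use the "billing" prefix (legacy: "aws-portal"), and
# read-level action names start with one of these verbs (heuristic, not an AWS table).
BILLING_SERVICES = {"billing", "aws-portal"}
READ_VERBS = ("get", "list", "view", "describe")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_read_only(action_name):
    """True if the name, or the literal text before any wildcard, starts with a read verb."""
    literal_head = action_name.lower().split("*")[0].split("?")[0]
    return literal_head.startswith(READ_VERBS)

def audit_billing_policy(policy_json):
    """Return the allowed actions that grant more than read access to billing."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:  # allows everything except the listed actions
            findings.append("NotAction")
            continue
        for action in _as_list(stmt.get("Action", [])):
            service, _, name = action.partition(":")
            if action == "*" or (service.lower() in BILLING_SERVICES and not is_read_only(name)):
                findings.append(action)
    return findings

# Constructed sample: what a read-only policy such as BillingViewAccess could contain.
READ_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["billing:Get*", "billing:ListBillingViews"], "Resource": "*"},
]})

# Constructed sample: a policy that is broader than read access.
BROAD_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "billing:*", "Resource": "*"},
    {"Effect": "Allow",
     "Action": ["billing:GetBillingData", "billing:UpdateBillingPreferences"],
     "Resource": "*"},
]})

if __name__ == "__main__":
    for label, doc in (("read", READ_POLICY), ("broad", BROAD_POLICY)):
        print(label, audit_billing_policy(doc) or "read-only")
```

To check a real policy, copy its document from the JSON tab of the policy editor and pass it to `audit_billing_policy`.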