Additional IAM Support in the #AWS Billing Console


Identity and Access Management (IAM)
gives you fine-grained control over access to
AWS
services and resources. You can create and manage AWS users and groups and
then use IAM permissions (in the form of policies) to allow and deny access
to AWS resources.

The AWS Billing Console lets you see how much you are spending on AWS (in total
and by service) and also lets you view and modify account and payment information.
You can take a look at my recent blog post on the
Updated AWS Billing Console.

Today we are enhancing the AWS Billing Console with finer-grained permissions.
You can grant read-only access to IAM users,along with additional options for write access. Your IAM
policies can use the following new actions to regulate access to various parts
of the console:

  • ViewBilling and ModifyBilling – Control access to the
    Dashboard, Bills, Cost Explorer, Payment History, Consolidated Billing, and Reports pages.
  • ViewAccount and ModifyAccount – Control access to the
    Account Settings page.
  • ViewPaymentMethods and ModifyPaymentMethods – Control access to the Payment Methods
    page.

By making judicious use of these verbs, you can implement a clean separation of AWS duties within
your organization. Developers can use the
AWS SDKs to develop AWS-powered applications, administrators
can manage production
servers,
databases, and
networks,
and the finance folks can watch over and control payments. If you want, you can give administrators and developers
read-only access to billing information so that they can have a better understanding of
the financial side of their work.

To learn more about this new feature, read about

IAM Enhanced Capabilities for the AWS Billing Consoleon the
AWS Security Blog.

Jeff;

Related posts