Home > Enterprise >  Can't see AWS billing console despite having the correct IAM roles enabled
Can't see AWS billing console despite having the correct IAM roles enabled

Time:12-09

I have created and set the correct policies to allow me to view the billing page as seen in the following AWS docs page:

https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_billing.html?icmpid=docs_iam_console#tutorial-billing-step1

and I have tried using the standard policies AWS gives you also but to no avail.

I have got the following 3 policies which are also shown below: AdministratorAccess, Billing, and BillingFullAccess

All of these policies are attatched to the a user group of which my account is a member. There are no other policies attatched to the group or my account.

ADMINISTRATORACCESS:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "*",
            "Resource": "*"
        }
    ]
}

BILLING:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "aws-portal:*Billing",
                "aws-portal:*Usage",
                "aws-portal:*PaymentMethods",
                "budgets:ViewBudget",
                "budgets:ModifyBudget",
                "ce:UpdatePreferences",
                "ce:CreateReport",
                "ce:UpdateReport",
                "ce:DeleteReport",
                "ce:CreateNotificationSubscription",
                "ce:UpdateNotificationSubscription",
                "ce:DeleteNotificationSubscription",
                "cur:DescribeReportDefinitions",
                "cur:PutReportDefinition",
                "cur:ModifyReportDefinition",
                "cur:DeleteReportDefinition",
                "purchase-orders:*PurchaseOrders"
            ],
            "Resource": "*"
        }
    ]
}

BILLINGFULLACCESS:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "aws-portal:*",
            "Resource": "*"
        }
    ]
}

CodePudding user response:

You will need to enable Billing console access to IAM Users.

  1. Login to aws console with root account (email id and pwd)
  2. Click on your account name ( Top Right Corner)
  3. Select "Account"
  4. Scroll down to "IAM User and Role Access to Billing Information" Section
  5. Check Mark "Activate IAM Access"

Activate IAM Access

More Details here: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_billing.html#tutorial-billing-step1

CodePudding user response:

You first need to enable Billing access option by signing in as a Root user. Once this is done, while still logged in as Root, give billing IAM permission to required user. Then log in to IAM user & check billing access. Link for same.

  • Related