outline
Allow full access to AWS services but deny IAM users access to the Billing and Cost Management consoles and billing related information
how-to
Add administrator access to IAM user
Add billing deny policy 1 for blocking access to overall billing and cost usage.
Or add billing deny policy 2 for blocking access to Billing and Cost Management consoles and billing related information such as budget, cur, freetier, payment and so on.
policy1 for biliing dey
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Action": [
"aws-portal:*Billing",
"ce:*",
"billing:*"
],
"Resource": "*"
}
]
}
policy 2 for billing deny
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Action": [
"iam:*",
"aws-portal:*",
"ce:*",
"billing:*",
"budgets:*",
"billingconductor:*",
"bcm-data-exports:*",
"consolidatedbilling:*",
"cost-optimization-hub:*",
"cur:*",
"application-cost-profiler:*",
"sustainability:*",
"pricing:*",
"purchase-orders:*",
"tax:*",
"customer-verification:*",
"support:*",
"freetier:*",
"payments:*",
"payment-cryptography:*"
],
"Resource": "*"
}
]
}
reference
https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/security-iam.html