Block billing or cost related information for aws account

Block billing or cost related information for aws account

AWS/AWS Billing

·

1 min read

  • outline

Allow full access to AWS services but deny IAM users access to the Billing and Cost Management consoles and billing related information

  • how-to

  1. Add administrator access to IAM user

  2. Add billing deny policy 1 for blocking access to overall billing and cost usage.

  3. Or add billing deny policy 2 for blocking access to Billing and Cost Management consoles and billing related information such as budget, cur, freetier, payment and so on.

  • policy1 for biliing dey

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Deny",
            "Action": [
                "aws-portal:*Billing",
                "ce:*",
                "billing:*"
            ],
            "Resource": "*"
        }
    ]
}
  • policy 2 for billing deny

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Deny",
            "Action": [
                "iam:*",
                "aws-portal:*",
                "ce:*",
                "billing:*",
                "budgets:*",
                "billingconductor:*",
                "bcm-data-exports:*",
                "consolidatedbilling:*",
                "cost-optimization-hub:*",
                "cur:*",
                "application-cost-profiler:*",
                "sustainability:*",
                "pricing:*",
                "purchase-orders:*",
                "tax:*",
                "customer-verification:*",
                "support:*",
                "freetier:*",
                "payments:*",
                "payment-cryptography:*"
            ],
            "Resource": "*"
        }
    ]
}
  • reference

https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/security-iam.html