Additional IAM Support in the AWS Billing Console
AWS Identity and Access Management (IAM) gives you fine-grained control over access to AWS services and resources. You can create and manage AWS users and groups and then use IAM permissions (in the form of policies) to allow and deny access to AWS resources.
The AWS Billing Console lets you see how much you are spending on AWS (in total and by service) and also lets you view and modify account and payment information. You can take a look at my recent blog post on the Updated AWS Billing Console.
Today we are enhancing the AWS Billing Console with finer-grained permissions. You can grant read-only access to IAM users,along with additional options for write access. Your IAM policies can use the following new actions to regulate access to various parts of the console:
ModifyBilling– Control access to the Dashboard, Bills, Cost Explorer, Payment History, Consolidated Billing, and Reports pages.
ModifyAccount– Control access to the Account Settings page.
ModifyPaymentMethods– Control access to the Payment Methods page.
By making judicious use of these verbs, you can implement a clean separation of AWS duties within your organization. Developers can use the AWS SDKs to develop AWS-powered applications, administrators can manage production servers, databases, and networks, and the finance folks can watch over and control payments. If you want, you can give administrators and developers read-only access to billing information so that they can have a better understanding of the financial side of their work.
To learn more about this new feature, read about IAM Enhanced Capabilities for the AWS Billing Consoleon the AWS Security Blog.