By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

how to gain access to cost explorer?

0

Hi everyone I have a situation where I want to gain access to cost explorer. however while access it I'm getting below error

You don't have permission to sts:AssumeRole. To request access, copy the following text and send it to your AWS administrator. User: arn:aws:sts.:<account-id>:assumed-role/AWSReservedSSO_<role> Action: sts:AssumeRole On resource(s): arn:aws.iam:<account>:role/BulkPolicyMigratorReadOnlyRole

As an admin, I'm not able to find the mentioned role in the AWS console: "BulkPolicyMigratorReadOnlyRole". Any idea what I might be missing or how I can solve this issue? The account is part of an organization

Topics
Cloud Financial ManagementSecurity, Identity, & Compliance
Tags
AWS Cost ExplorerAWS Identity and Access ManagementIAM Policies
Language
English
AWS
rePost-User-5847403
asked 12 days ago39 views
1 Answer
0

To gain access to Cost Explorer, there are a few steps you need to follow, especially since your account is part of an organization:

  1. First, ensure that Cost Explorer has been enabled for your organization. This is typically done by the management account of the organization. If you're not sure, you may need to check with the organization's administrator.

  2. If you're using an IAM user or role, make sure that the "Activate IAM Access" setting has been enabled for billing information. This can only be done by the root user of the account:

    • Sign in to the AWS Management Console with the root account credentials.
    • Go to the Account page.
    • Look for "IAM User and Role Access to Billing Information" and select "Edit".
    • Check the box for "Activate IAM Access".
    • Save the changes.

  3. Ensure that your IAM user or role has the necessary permissions to access Cost Explorer. This requires specific IAM policies to be attached to your user or role.

  4. The error message you're seeing suggests that you're trying to assume a role (BulkPolicyMigratorReadOnlyRole) that either doesn't exist or you don't have permission to assume. This role is not standard for Cost Explorer access, so it's possible there's a misconfiguration in your permissions or the role you're trying to use.

  5. To resolve this, you (or the AWS administrator) should review the IAM policies attached to your user or role. Ensure that you have the necessary permissions for Cost Explorer, which typically include actions like "ce:*" (for full access) or more specific actions like "ce:GetCostAndUsage".

  6. If you're an administrator and can't find the mentioned role, it's possible that it was created for a specific purpose and then deleted, or there's an issue with the way your permissions are set up.

  7. You may need to create a new IAM policy that grants the necessary permissions for Cost Explorer and attach it to your user or role.

If you continue to have issues, it would be best to contact AWS Support or work with your organization's AWS administrator to ensure the correct permissions are in place for your account to access Cost Explorer.
Sources
Enabling Cost Explorer - AWS Cost Management
Controlling access to Cost Explorer - AWS Cost Management
Overview of managing access permissions - AWS Cost Management

profile picture
re:Post Agent
answered 12 days ago
profile picture
EXPERT
Adeleke Adebowale Julius
reviewed 11 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content