- Newest
- Most votes
- Most comments
Billing policy arn:aws:iam::aws:policy/job-function/Billing doesn't include these permissions(mentioned in question) in it, can you create your own managed policy and attach it to your user/role. Follow this re:Post Knowledge Center Article for step by step guidance.
If you are still not able to access then, you'd need to check, if there is any service control policy or permissions boundary attached to user/role through which you are trying to access Cost Explorer. You need to make sure that there is no explicit deny for these actions(mentioned in question) either in SCP or permissions boundary.
Hope it helps. Abhishek
This seems a little bit like nonsense, though. Like, you're correct, the managed policy in question doesn't include those permissions, but, why? Lacking ce:DescribeReport, in particular, is crazy, given that the same policy does include ce:CreateReport, ce:DeleteReport, and ce:UpdateReport. Without ce:DescribeReport you can't even load the Cost Explorer console to begin with, so, what good is the policy?
Relevant content
- asked 5 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 7 months ago
To add more details, we have a parent account and the linked/child accounts associated with it. How to modify the organization-based IAM policy for all the linked accounts from the parent account?