Create user just for billing/payment management

To create a user account for managing billing and payment information in AWS, you'll need to follow these steps:

1. First, as the AWS account root user, you need to enable IAM user access to billing information:

   • Sign in to the AWS Management Console using your root user credentials.
   • Click on your account name in the top right corner, then select "Account".
   • Scroll down to find "IAM User and Role Access to Billing Information" and click "Edit".
   • Check the box for "Activate IAM Access" and click "Update".

2. Next, create an IAM user for your Director of Business Affairs:

   • Go to the IAM console.
   • Click on "Users" in the left navigation pane, then "Add user".
   • Set a username and choose the access type (AWS Management Console access is recommended for billing management).
   • Set a custom password or have AWS generate one.

3. Assign the necessary permissions:

   • You can attach the AWS managed policy called "Billing" which grants permissions to view and edit the Billing and Cost Management console.
   • Alternatively, you can create a custom policy with specific billing-related permissions.

4. Review and create the user.

5. Provide the new user with their sign-in credentials and the AWS account ID or alias for logging in.

Remember, it's a best practice to grant only the permissions necessary for the role. In this case, limit the access to billing and cost management features only.

Also, for enhanced security, consider enabling multi-factor authentication (MFA) for this user account.

By following these steps, your Director of Business Affairs will be able to access and manage the billing and payment information for your high school's AWS account without having access to other AWS services or resources.
Sources
Iam User for Billing | AWS re:Post
Setting up your AWS account - AWS Identity and Access Management
Access denied even though ive set permissions | AWS re:Post