- 最新
- 投票最多
- 评论最多
Ok, you have a provisioned an IAM user with Billing access but you are getting access denied.
With your IAM user,
- Are you able to login to AWS? - if not, maybe you have not given console access to the user.
- You can login but getting access denied in billing page? - check the billing permissions. Maybe there is a billing group provisioned but it is possible that there is no IAM policy given for the group.
Hello.
Have you enabled your IAM user to access billing information by following the steps in the following document?
Even if the appropriate IAM policy is set for the IAM user, they will not be able to access billing information if you have not enabled access to billing information by following the steps in the following document.
https://docs.aws.amazon.com/IAM/latest/UserGuide/getting-started-account-iam.html#:~:text=User%20Guide.-,Grant%20access%20to%20the%20billing%20console,-IAM%20users%20and
- Sign in to the AWS Management Console with your root user credentials (specifically, the email address and password that you used to create your AWS account).
- On the navigation bar, select your account name, and then select Account.
- Scroll down the page until you find the section IAM User and Role Access to Billing Information, then select Edit.
- Select the Activate IAM Access check box to activate access to the Billing and Cost Management console pages.
- Choose Update.
The page displays the message IAM user/role access to billing information is activated.- Use the AWS Management Console to create a role that a user can assume to access the billing console.
- On the Add permissions page for the role, add permissions to list and view details about the Billing resources in your AWS account.
The AWS managed policy Billing grants users permission to view and edit the Billing and Cost Management console. This includes viewing account usage, modifying budgets and payment methods. For more policy examples that you can attach to IAM roles to control access to your account’s billing information, see AWS Billing policy examples in the Billing and Cost Management User Guide.
Yep, I have done all of that. There was supposed to be a screenshot in the original post showing that 1-5 was done on the root account, but apparently it failed to upload -- on the root account the "Activate IAM Access" has a green checkbox and says "Activated". The user is a member of a group that has "Billing" permissions in IAM, so 6-7 is working as well.
Yep, I can log into the console and use other services just fine. The user is part of a group that has role "Billing".