If you are using tags on your EC2 instances, you will want to look at "manage resources and tags" option under preferences. If you would like to give a particular user (e.g a linked user a/c) access to consolidated billing account, but restrict all other views, you can use an IAM policy like below to allow access:-
*******************
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"aws-portal:ViewBilling",
"aws-portal:ModifyBilling",
"aws-portal:ViewAccount"
],
"Resource": "*"
},
{
"Effect": "Deny",
"Action": [
"aws-portal:ViewPaymentMethods
"aws-portal:ModifyPaymentMetho
"aws-portal:ModifyAccount"
],
"Resource": "*"
}
]
}
****************************
*******************
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"aws-portal:ViewBilling",
"aws-portal:ModifyBilling",
"aws-portal:ViewAccount"
],
"Resource": "*"
},
{
"Effect": "Deny",
"Action": [
"aws-portal:ViewPaymentMethods
"aws-portal:ModifyPaymentMetho
"aws-portal:ModifyAccount"
],
"Resource": "*"
}
]
}
****************************
No comments:
Post a Comment