Sunday, March 22, 2015

IAM policy to allow AWS console view to "Preferences"

If you use tags on your EC2 instances, you will want to look at the "Manage resources and tags" option under Preferences. If you would like to give a particular user (e.g. a linked-account user) access to the consolidated billing account but restrict all other views, you can use an IAM policy like the one below:


*******************

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "aws-portal:ViewBilling",
                "aws-portal:ModifyBilling",
                "aws-portal:ViewAccount"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Deny",
            "Action": [
                "aws-portal:ViewPaymentMethods",
                "aws-portal:ModifyPaymentMethods",
                "aws-portal:ModifyAccount"
            ],
            "Resource": "*"
        }
    ]
}


****************************
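
The following is an added example, not part of the original post: a simplified Python model of how IAM evaluates the policy above, where an explicit Deny wins over any Allow and anything unmatched is implicitly denied. It ignores Resource, Condition and NotAction, and the sample requests (including `ec2:DescribeInstances`) are constructed for illustration.

```python
import json
import re

# The policy from the post, embedded so the example runs offline.
POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["aws-portal:ViewBilling", "aws-portal:ModifyBilling",
                "aws-portal:ViewAccount"]},
    {"Effect": "Deny", "Resource": "*",
     "Action": ["aws-portal:ViewPaymentMethods",
                "aws-portal:ModifyPaymentMethods", "aws-portal:ModifyAccount"]}
  ]
}""")


def as_list(value):
    # IAM accepts a single string/object where a list is expected.
    return value if isinstance(value, list) else [value]


def action_matches(pattern, action):
    # Action names are case-insensitive; '*' and '?' act as wildcards.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action, re.IGNORECASE) is not None


def evaluate(policy, action):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for one action."""
    decision = "ImplicitDeny"  # default when no statement matches
    for stmt in as_list(policy["Statement"]):
        if any(action_matches(p, action) for p in as_list(stmt["Action"])):
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"  # an explicit deny always wins
            decision = "Allow"
    return decision


if __name__ == "__main__":
    # Constructed sample requests: two from the policy, one outside it.
    for action in ("aws-portal:ModifyBilling", "aws-portal:ModifyAccount",
                   "ec2:DescribeInstances"):
        print(f"{action:32} {evaluate(POLICY, action)}")
```

Running it against a draft policy before attaching it makes the effective grants visible, for instance that `aws-portal:ModifyBilling` is allowed while every action outside the `aws-portal` statements falls through to an implicit deny.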
