Daily Hack #day75 - AWS Billing Federation

After creating your AWS account, you are signed in as the account owner, i.e., the root user. AWS recommends that we never use this account for everyday activities. Instead, we should create our first IAM user, and use it for working with AWS. We would then sign in as a root user only to perform service management tasks such as changing your account or payment details.

If you follow this best practice, you may still end up signing in as a root user every now and then to check your AWS bill because, by default, billing information is only available to a root user. However, there is a better way. You can grant the Billing and Cost Management console access to your IAM user. Once you’ve done this, you will be able to access the Billing console from your non-root user. Here is how you can “federate” billing access to an IAM user.

First, you have to Activate IAM access in the account settings:

Then, you can attach a Billing policy to your IAM user:

You can choose between full access or read-only access:

For a more detailed description of the billing federation, see AWS docs.