Non-Root Account Customers: Role Permissions Update (September 2023)

Due to recent AWS Permission changes, we need to modify the current roles. This page explains the steps to grant your DoiT Account Executive access to the AWS Cost Explorer.

1. Sign in to the AWS Management Console and navigate to the IAM console.

2. Select Policies, and then select Create policy.

3. Specify permissions.

   1. Choose Cost Explorer Service as the service.

   2. In the Policy editor section, select JSON.

   3. Paste the following JSON policy:

      {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Sid": "BillingPolicyFineGrained",
              "Effect": "Allow",
              "Action": [
                "ce:GetCostAndUsage",
                "ce:GetCostForecast",
                "ce:GetReservationUtilization*",
                "ce:GetReservationPurchaseRecommendation",
                "ce:DescribeReport",
                "ce:GetDimensionValues"
              ],
              "Resource": "*"
            }
          ]
        }

4. Name the policy as billing-policy-fine-grained. Review and create the new policy.

5. Once the policy is created, attach it to the roles DoiT-SSO-Strategic and DoiT-SSO-Billing-and-Support. Your Account Executive will now have access to the Cost Explorer.

Tip

If you prefer DoiT to create the policy and attach it to the relevant roles, open an expert inquiry with our team who will be happy to assist! We will create a temporary IAM user in order to make the necessary changes.