This post describes the second step needed to configure an Amazon IAM account for use with Teevity AWS Cloud costs monitoring solution.
- Step 1 - Enable access to the Billing page
- Step 2 - Create an IAM group dedicated to Cloud cost monitoring
- Step 3 - Create a new IAM user and add it to the group
A/ Create the IAM group
You can do that using the IAM tab in the Amazon AWS Console.
B/ Give the group a name like “CloudCostMonitoringTools”.
C/ Give the group the “read-only rights” needed by Teevity
The easiest way to add the required authorizations is to use the Custom Policy wizard and to copy and paste the following policy.
Call the policy something like “CloudCostMonitoringToolsPolicy”
And copy and paste into the “Policy Document field” the content of this read-only Access Policy you can find in this gist :
Take your time and feel free to review it. It is a subset of the “Read-only” Access Policy provided by AWS to which we have added the ViewBilling and UsageReports rights.
You can see here, all the elements that we have removed from the default Read-only access policy provided by AWS (because they are not needed to provide the Teevity service to you) to create our describe-only policy.
D/ And you’re done with the creation of the IAM Group
E/ Now the last step : creating the IAM User and place it in the group you’ve just created