This post describes the second step needed to configure an Amazon IAM account for use with Teevity AWS Cloud costs monitoring solution.

  • Step 1 - Enable access to the Billing page 
  • Step 2 - Create an IAM group dedicated to Cloud cost monitoring
  • Step 3 - Create a new IAM user and add it to the group


A/ Create the IAM group

You can do that using the IAM tab in the Amazon AWS Console.  

image


B/ Give the group a name like “CloudCostMonitoringTools”.

image


C/ Give the group the “read-only rights” needed by Teevity

The easiest way to add the required authorizations is to use the Custom Policy wizard and to copy and paste the following policy.

image


Call the policy something like “CloudCostMonitoringToolsPolicy”

image

And copy and paste into the “Policy Document field” the content of this read-only Access Policy you can find in this gist :

       https://gist.github.com/nfonrose/6038928

Take your time and feel free to review it. It is a subset of the “Read-only” Access Policy provided by AWS to which we have added the ViewBilling and UsageReports rights.

You can see here, all the elements that we have removed from the default Read-only access policy provided by AWS (because they are not needed to provide the Teevity service to you) to create our describe-only policy.

D/ And you’re done with the creation of the IAM Group

image

E/ Now the last step : creating the IAM User and place it in the group you’ve just created

You can see here how to do that last step.