🛠️Setup IAM Role for Temporary Access
AWS Cost Explorer Access via IAM Role for Developers
Pagerly would use STS Temporary Role for accessing the AWS Cloud Reports. This is the safest option available for an external account accessing to specific resource on AWS.
This process involves creating an IAM role with the necessary permissions and then using STS to assume this role, which provides you with temporary credentials that can be used to access AWS resources.
In short , you need to create IAM Role which has
Access only to Cost Explorer
Allows External Account to Assume Role via STS
Note : Pagerly doesn't save any information related to your cloud. We find this runtime and give the reports on Slack
Setting up IAM Role
1. Creating an IAM Role
An IAM role allows you to delegate access with defined permissions, which can be assumed by users, applications, or AWS services without needing to share access keys.
Steps to Create an IAM Role for AWS Cost Explorer for External Access:
Sign in to the AWS Management Console: Navigate to the IAM service.
Navigate to Roles: Click on "Roles" on the sidebar, then click "Create role".
Select Type of Trusted Entity:
For access by external accounts or IAM users within your account, select "Another AWS account".
Specify Details:
If you selected "Another AWS account", enter the account ID : 065318983578
Click Next: Permissions.
2. Creating and Attaching the Policy for Cost Explorer Access
In this step, you'll create a policy that grants permissions to access AWS Cost Explorer and then attach it to the IAM role.
Create the Policy:
Navigate to to IAM Role just created
Go to Add permissions and Create Inline Policy
Choose the Service: Select "Cost Explorer Service".
Add Actions: Choose actions you want to allow, such as
GetCostAndUsage
.Set Resource to All: Since Cost Explorer does not support resource-level permissions, use
"Resource": "*"
.Review and Name Your Policy: Enter a name and description for your policy, then click "Create policy".
Or add the following Policy Directly
Attach the Policy to Your Role:
Go Back to Your Role: Find the role you created in the Roles menu.
Attach Policies: Click "Attach policies", find the policy you just created, select it, and then click "Attach policy".
Following this guide, you've created an IAM role with the necessary permissions for accessing only AWS Cost Explorer and allowing Pagerly to access this role
Last updated