In this bonus task, you will create an IAM user that is equivalent to the root user so that you don't need to use your root user when you are doing the lab exercise.
Moving forward, you will use this IAM user for your exercises.
1. Repeat the process from Task 1 to Task 2 of the previous exercise. Do you think you can run through these steps faster?
2. When you are finished setting up your IAM user, make sure that you're still on the details page of your IAM user. Under the Permissions tab, in the Permissions policies section, choose Add permissions.
3. On the Permissions options, choose Attach policies directly.
4. From the list of Permissions policies, select (check the box) AdministratorAccess.
5. Once selected, choose Next.
6. Choose Add permissions.
7. You successfully added one policy to your IAM user.
Voila! All done.
IAM users don't have access to the Billing dashboard by default. Only your root user can access the Billing dashboard.
Since you're using your IAM user every day, this means you won't be able to see how much AWS is charging you every day (a bit of a bummer!).
To enable billing access, follow the steps below.
6. Once IAM user and role access to Billing information is activated, you will need to create a role. Navigate to Roles by clicking Roles on the left side under Access management section.
7. Once you're on the Roles page, choose Create role.
8. On the Trusted entity type section, choose Custom trust policy, then Edit statement.
9. Under Add actions for STS, verify that AssumeRole is selected.
10. Add a principal: select Add to display the Add principal dialog box. For Principal type, select IAM users, then for ARN, paste the ARN of the IAM user that you created. To find the ARN, go back to the IAM user details and, under the Summary section, click the copy icon next to the ARN.
11. Then select Add principal.
12. Select Next to go to the Add permissions page.
13. Under Permissions policies, enter Billing in the filter box, and then select (check the box) the AWS managed job function policy Billing.
14. Select Next to go to the Name, review, and create page. Under Role name, enter TempBillingAccess (you may enter your own Role name) then select Create role.
15. You will see the role has been successfully created. To check the roles you've created, you can search for the name of the role in the search box.
16. You are notified that the role has been created. View the role to display the details about the role. In the Summary section take note of the following information:
17. To test the access to the Billing Dashboard, sign in to your IAM user.
18. Once you sign in, navigate to the Billing Dashboard by choosing Billing.
If a message displays stating "You need permissions" and no billing data is visible, this means you still have no access/visibility to the Billing Dashboard. You'll need to switch roles to change your access. To switch roles, make sure that you're signed in with the IAM user that you created. On the navigation bar, choose your account name on the top right, and then choose Switch role.
The Switch role page opens. Complete the information as follows:
Copy the URL and paste it into a new tab of your web browser.
Once you switch roles, you can access the AWS Billing Dashboard and the navigation bar displays TempBillingAccess@000000000000.
Awesome - you've just learnt how to provide IAM users access to the AWS Billing console. That's some pretty cool AWS Cloud Practitioner skills you've got there. 😉
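The custom trust policy that steps 8 to 11 build in the console, shown as an added example that is not part of the original lab: the code constructs the policy document for one IAM user and audits it to confirm that only that user can assume the role. The user name `lab-admin`, the function names and the sample ARN are assumptions made for illustration.

```python
import json
import re

# Constructed sample: account ID 000000000000 and user name "lab-admin" are placeholders.
USER_ARN = "arn:aws:iam::000000000000:user/lab-admin"
USER_ARN_RE = re.compile(r"arn:aws:iam::\d{12}:user/[\w+=,.@/-]+")


def build_trust_policy(user_arn):
    """Trust policy equivalent to steps 8-11: one IAM user may call sts:AssumeRole."""
    if not USER_ARN_RE.fullmatch(user_arn):
        raise ValueError(f"not an IAM user ARN: {user_arn!r}")
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Principal": {"AWS": user_arn}, "Action": "sts:AssumeRole"}
        ],
    }


def as_list(value):
    """IAM accepts a single string or a list for Action and Principal values."""
    return [value] if isinstance(value, str) else list(value)


def audit_trust_policy(policy, expected_user_arn):
    """Return findings for any Allow statement that lets someone else assume the role."""
    findings = []
    stmts = policy.get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts  # a lone statement may be a dict
    for i, stmt in enumerate(stmts):
        actions = set(as_list(stmt.get("Action", [])))
        if stmt.get("Effect") != "Allow" or not {"sts:AssumeRole", "sts:*", "*"} & actions:
            continue
        principal = stmt.get("Principal", {})
        trusted = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
        for p in trusted:
            if p == "*":
                findings.append(f"statement {i}: any AWS principal can assume the role")
            elif p.endswith(":root") or re.fullmatch(r"\d{12}", p):
                findings.append(f"statement {i}: whole account trusted ({p})")
            elif p != expected_user_arn:
                findings.append(f"statement {i}: unexpected principal ({p})")
    return findings


if __name__ == "__main__":
    policy = build_trust_policy(USER_ARN)
    print(json.dumps(policy, indent=2))
    print(audit_trust_policy(policy, USER_ARN) or "only the expected user is trusted")
```

The printed JSON can be compared with what the console shows under the role's Trust relationships tab after step 14.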