Menu
I am using boto3, trying out Cost Exploer to get cost and usage
import boto3
client = boto3.client('ce')
client.get_cost_and_usage()
Already grant the following permissioin to the user
"aws-portal:ViewUsage",
"aws-portal:ViewBilling"
But always get error
An error occurred (AccessDeniedException) when calling the GetCostAndUsage operation: User: arn:aws:iam::123456789:user/User1 is not authorized to perform: ce:GetCostAndUsage on resource: arn:aws:ce:us-east-1:123456789
770
It can't be disabled but charges will stop if they stop using Cost Explorer API. Cost Explorer API is not something that can be disabled, in order to stop being charged, you just have to stop using Cost Explorer API to query cost data and block ALL IAM users from using it.
Cost Explorer updates your cost data at least once every 24 hours.
AWS::CE::CostCategory. The AWS::CE::CostCategory resource creates groupings of cost that you can use across products in the AWS Billing and Cost Management console, such as Cost Explorer and AWS Budgets. For more information, see Managing Your Costs with Cost Categories in the AWS Billing and Cost Management User Guide ...
Just found answer from here https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-example-policies.html#example-policy-ce-api
Example 11: View costs and usage
To allow IAM users to use the AWS Cost Explorer API, use the following policy to grant them access:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ce:*"
],
"Resource": [
"*"
]
}
]
}
I couldn't find existing small scope read-only policy to get usage statistics.
Creating new policy through the web "Visual Editor" is easy too:
Cost Explorer Service
[X] Read permissionsMyCostExplorerRead
43
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
