AWS managed policies
Managed policies are standalone identity-based policies that you can attach to multiple users, groups, and roles in your AWS account. You can use AWS managed policies to control access in Billing.
An AWS managed policy is a standalone policy that's created and administered by AWS. AWS managed policies are designed to provide permissions for many common use cases. AWS managed policies make it easier for you to assign appropriate permissions to users, groups, and roles than if you had to write the policies yourself.
You can't change the permissions defined in AWS managed policies. AWS occasionally updates the permissions that are defined in an AWS managed policy. When this occurs, the update affects all principal entities (users, groups, and roles) that the policy is attached to.
Billing provides several AWS managed policies for common use cases.
Topics
AWSPurchaseOrdersServiceRolePolicy
This managed policy grants full access to the Billing and Cost Management console and to the purchase orders console. The policy allows the user to view, create, update, and delete the account's purchase orders.
{ "Version":"2012-10-17", "Statement":[ { "Effect":"Allow", "Action":[ "account:GetAccountInformation", "account:GetContactInformation", "aws-portal:*Billing", "consolidatedbilling:GetAccountBillingRole", "invoicing:GetInvoicePDF", "payments:GetPaymentInstrument", "payments:ListPaymentPreferences", "purchase-orders:AddPurchaseOrder", "purchase-orders:DeletePurchaseOrder", "purchase-orders:GetPurchaseOrder", "purchase-orders:ListPurchaseOrderInvoices", "purchase-orders:ListPurchaseOrders", "purchase-orders:ListTagsForResource", "purchase-orders:ModifyPurchaseOrders", "purchase-orders:TagResource", "purchase-orders:UntagResource", "purchase-orders:UpdatePurchaseOrder", "purchase-orders:UpdatePurchaseOrderStatus", "purchase-orders:ViewPurchaseOrders", "tax:ListTaxRegistrations" ], "Resource":"*" } ] }
AWSBillingReadOnlyAccess
This managed policy grants users access to view the AWS Billing and Cost Management console.
{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "account:GetAccountInformation", "aws-portal:ViewBilling", "billing:GetBillingData", "billing:GetBillingDetails", "billing:GetBillingNotifications", "billing:GetBillingPreferences", "billing:GetContractInformation", "billing:GetCredits", "billing:GetIAMAccessPreference", "billing:GetSellerOfRecord", "billing:ListBillingViews", "budgets:DescribeBudgetActionsForBudget", "budgets:DescribeBudgetAction", "budgets:DescribeBudgetActionsForAccount", "budgets:DescribeBudgetActionHistories", "budgets:ViewBudget", "ce:DescribeCostCategoryDefinition", "ce:GetCostAndUsage", "ce:GetDimensionValues", "ce:GetTags", "ce:ListCostCategoryDefinitions", "ce:ListCostAllocationTags", "ce:ListCostAllocationTagBackfillHistory", "ce:ListTagsForResource", "consolidatedbilling:GetAccountBillingRole", "consolidatedbilling:ListLinkedAccounts", "cur:DescribeReportDefinitions", "cur:GetClassicReport", "cur:GetClassicReportPreferences", "cur:GetUsageReport", "freetier:GetFreeTierAlertPreference", "freetier:GetFreeTierUsage", "invoicing:GetInvoiceEmailDeliveryPreferences", "invoicing:GetInvoicePDF", "invoicing:ListInvoiceSummaries", "payments:GetPaymentInstrument", "payments:GetPaymentStatus", "payments:ListPaymentInstruments", "payments:ListPaymentPreferences", "payments:ListTagsForResource", "purchase-orders:GetPurchaseOrder", "purchase-orders:ListPurchaseOrderInvoices", "purchase-orders:ListPurchaseOrders", "purchase-orders:ListTagsForResource", "purchase-orders:ViewPurchaseOrders", "sustainability:GetCarbonFootprintSummary", "tax:GetTaxInheritance", "tax:GetTaxRegistrationDocument", "tax:ListTaxRegistrations" ], "Resource": "*" } ] }
Billing
This managed policy grants users permission to view and edit the AWS Billing and Cost Management console. This includes viewing account usage, modifying budgets and payment methods.
{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "account:GetAccountInformation", "aws-portal:*Billing", "aws-portal:*PaymentMethods", "aws-portal:*Usage", "billing:GetBillingData", "billing:GetBillingDetails", "billing:GetBillingNotifications", "billing:GetBillingPreferences", "billing:GetContractInformation", "billing:GetCredits", "billing:GetIAMAccessPreference", "billing:GetSellerOfRecord", "billing:ListBillingViews", "billing:PutContractInformation", "billing:RedeemCredits", "billing:UpdateBillingPreferences", "billing:UpdateIAMAccessPreference", "budgets:CreateBudgetAction", "budgets:DeleteBudgetAction", "budgets:DescribeBudgetActionsForBudget", "budgets:DescribeBudgetAction", "budgets:DescribeBudgetActionsForAccount", "budgets:DescribeBudgetActionHistories", "budgets:ExecuteBudgetAction", "budgets:ModifyBudget", "budgets:UpdateBudgetAction", "budgets:ViewBudget", "ce:CreateNotificationSubscription", "ce:CreateReport", "ce:CreateCostCategoryDefinition", "ce:DeleteNotificationSubscription", "ce:DeleteCostCategoryDefinition", "ce:DescribeCostCategoryDefinition", "ce:DeleteReport", "ce:GetCostAndUsage", "ce:GetDimensionValues", "ce:GetTags", "ce:ListCostAllocationTags", "ce:ListCostAllocationTagBackfillHistory", "ce:ListCostCategoryDefinitions", "ce:ListTagsForResource", "ce:StartCostAllocationTagBackfill", "ce:UpdateCostAllocationTagsStatus", "ce:UpdateNotificationSubscription", "ce:TagResource", "ce:UpdatePreferences", "ce:UpdateReport", "ce:UntagResource", "ce:UpdateCostCategoryDefinition", "consolidatedbilling:GetAccountBillingRole", "consolidatedbilling:ListLinkedAccounts", "cur:DeleteReportDefinition", "cur:DescribeReportDefinitions", "cur:GetClassicReport", "cur:GetClassicReportPreferences", "cur:GetUsageReport", "cur:ModifyReportDefinition", "cur:PutClassicReportPreferences", "cur:PutReportDefinition", "cur:ValidateReportDestination", "freetier:GetFreeTierAlertPreference", "freetier:GetFreeTierUsage", "freetier:PutFreeTierAlertPreference", "invoicing:GetInvoiceEmailDeliveryPreferences", "invoicing:GetInvoicePDF", "invoicing:ListInvoiceSummaries", "invoicing:PutInvoiceEmailDeliveryPreferences", "payments:CreatePaymentInstrument", "payments:DeletePaymentInstrument", "payments:GetPaymentInstrument", "payments:GetPaymentStatus", "payments:ListPaymentInstruments", "payments:ListPaymentPreferences", "payments:ListTagsForResource", "payments:MakePayment", "payments:TagResource", "payments:UntagResource", "payments:UpdatePaymentInstrument", "payments:ListPaymentInstruments", "payments:UpdatePaymentPreferences", "pricing:DescribeServices", "purchase-orders:AddPurchaseOrder", "purchase-orders:DeletePurchaseOrder", "purchase-orders:GetPurchaseOrder", "purchase-orders:ListPurchaseOrderInvoices", "purchase-orders:ListPurchaseOrders", "purchase-orders:ListTagsForResource", "purchase-orders:ModifyPurchaseOrders", "purchase-orders:TagResource", "purchase-orders:UntagResource", "purchase-orders:UpdatePurchaseOrder", "purchase-orders:UpdatePurchaseOrderStatus", "purchase-orders:ViewPurchaseOrders", "support:AddAttachmentsToSet", "support:CreateCase", "sustainability:GetCarbonFootprintSummary", "tax:BatchPutTaxRegistration", "tax:DeleteTaxRegistration", "tax:GetExemptions", "tax:GetTaxInheritance", "tax:GetTaxInterview", "tax:GetTaxRegistration", "tax:GetTaxRegistrationDocument", "tax:ListTaxRegistrations", "tax:PutTaxInheritance", "tax:PutTaxInterview", "tax:PutTaxRegistration", "tax:UpdateExemptions" ], "Resource": "*" } ] }
AWSAccountActivityAccess
This managed policy grants users permission to view the Account activity page.
{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "account:GetRegionOptStatus", "account:GetAccountInformation", "account:GetAlternateContact", "account:GetChallengeQuestions", "account:GetContactInformation", "account:ListRegions", "aws-portal:ViewBilling", "billing:GetIAMAccessPreference", "billing:GetSellerOfRecord", "payments:ListPaymentPreferences" ], "Resource": "*" } ] }
AWSPriceListServiceFullAccess
This managed policy grants users full access to the AWS Price List Service.
{ "Version": "2012-10-17", "Statement": [ { "Sid": "AWSPriceListServiceFullAccess", "Effect": "Allow", "Action": [ "pricing:*" ], "Resource": "*" } ] }
Updates to AWS managed policies for AWS Billing
View details about updates to AWS managed policies for AWS Billing since this service began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the AWS Billing Document history page.
| Change | Description | Date |
|---|---|---|
|
AWSPriceListServiceFullAccess – Updated policy |
We added the documentation for
|
July 2, 2024 |
|
Billing and AWSBillingReadOnlyAccess – Update to existing policies |
We added the following cost allocation tag-related permissions
to
We added the following tag-related permission to
|
May 31, 2024 |
|
Billing and AWSBillingReadOnlyAccess – Update to existing policies |
We added the following cost allocation tag-related permissions
to
We added the following cost allocation tag-related permission
to
|
March 25, 2024 |
| Billing and AWSBillingReadOnlyAccess – Update to existing policies |
We added the following cost allocation tag-related permissions
to
We added the following cost allocation tag-related permission
to
|
July 26, 2023 |
|
AWSPurchaseOrdersServiceRolePolicy, Billing, and AWSBillingReadOnlyAccess – Update to existing policies |
We added the following purchase order tag-related permissions
to
We added the following tag-related permission to
|
July 17, 2023 |
|
AWSPurchaseOrdersServiceRolePolicy, Billing, and AWSBillingReadOnlyAccess – Update to existing policies AWSAccountActivityAccess – New AWS managed policy documented for AWS Billing |
Added updated action set across all policies. | March 06, 2023 |
|
AWSPurchaseOrdersServiceRolePolicy – Update to an existing policy |
AWS Billing removed unnecessary permissions. |
November 18, 2021 |
|
AWS Billing started tracking changes |
AWS Billing started tracking changes for its AWS managed policies. |
November 18, 2021 |
