To use budget actions, you must create a service role for AWS Budgets. A service role is an IAM role that a service assumes to perform actions on your behalf. An IAM administrator can create, modify, and delete a service role from within IAM. For more information, see Create a role to delegate permissions to an AWS service in the IAM User Guide.
To allow AWS Budgets to perform actions on your behalf, you must grant the necessary permissions to the service role. The following table lists the permissions that you can grant the service role.
| Permissions policy for budget actions | Instructions |
|---|---|
|
This is an AWS managed policy. For instructions on how to attach a managed policy, see To use a managed policy as a permissions policy for an identity (console) in the IAM User Guide |
|
|
You can use this example policy as an inline policy or a customer managed policy. For instructions on how to embed an inline policy, see To embed an inline policy for a user or role (console) in the IAM User Guide. For instructions on how to create a customer managed policy, see Creating IAM policies (console) in the IAM User Guide. |
|
|
Allow AWS Budgets to apply IAM policies and SCPs and target EC2 and RDS instances |
You can use this example policy as an inline policy or a customer managed policy. For instructions on how to embed an inline policy, see To embed an inline policy for a user or role (console) in the IAM User Guide. For instructions on how to create a customer managed policy, see Creating IAM policies (console) in the IAM User Guide. |
