...

Info

If you are creating three new policies, prefixing their names with the same string makes them easier to find when creating the role and assigning policies.

Allow read of cost and usage data

  • Navigate to the IAM console and create a new policy with the permissions described in the JSON below

Code Block
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "ce:GetCostAndUsage",
            "Resource": "*"
        }
    ]
}

Allow read of created secret

  • Find the secret name in the script output, then replace {SecretNameHere} with the secret name and {AWS Account ID} with your account ID

...

Code Block
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "secretsmanager:GetSecretValue",
            "Resource": "arn:aws:secretsmanager:*:{AWS Account ID}:secret:{SecretNameHere}*"
        }
    ]
}
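The script below is an added example, not part of the original page. It fills in the two placeholders of the policy above and shows which secret ARNs the resulting Resource pattern matches. The account ID and secret names are constructed sample values, `iam_match` is a simplified model of IAM wildcard matching, and the `-??????` variant is an alternative not taken from the page; it relies on Secrets Manager appending a hyphen and six random characters to each secret's ARN.

```python
import json
import re

# Policy template as shown on the page, placeholders left in place.
TEMPLATE = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "VisualEditor0",
        "Effect": "Allow",
        "Action": "secretsmanager:GetSecretValue",
        "Resource": "arn:aws:secretsmanager:*:{AWS Account ID}:secret:{SecretNameHere}*",
    }],
}

def render_policy(account_id, secret_name):
    """Fill in the two placeholders, rejecting values that would widen the policy."""
    if not re.fullmatch(r"\d{12}", account_id):
        raise ValueError("AWS account IDs are exactly 12 digits")
    # Secrets Manager names allow letters, digits and /_+=.@- ; wildcards are refused.
    if not re.fullmatch(r"[A-Za-z0-9/_+=.@-]+", secret_name):
        raise ValueError("secret name contains characters that are not allowed")
    text = json.dumps(TEMPLATE, indent=4)
    text = text.replace("{AWS Account ID}", account_id).replace("{SecretNameHere}", secret_name)
    return json.loads(text)

def iam_match(pattern, arn):
    """IAM resource matching: '*' is any run of characters, '?' is exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, arn) is not None

def resource_of(policy):
    return policy["Statement"][0]["Resource"]

# Constructed sample values (not from the page).
ACCOUNT = "123456789012"
SECRET = "cost-report-key"
BASE = "arn:aws:secretsmanager:us-east-1:" + ACCOUNT + ":secret:"
INTENDED = BASE + "cost-report-key-Ab12Cd"        # name + generated 6-char suffix
NEIGHBOUR = BASE + "cost-report-key-prod-Zz98Yx"  # different secret, same prefix

if __name__ == "__main__":
    policy = render_policy(ACCOUNT, SECRET)
    print(json.dumps(policy, indent=4))
    loose = resource_of(policy)
    tight = loose[:-1] + "-??????"
    for label, pat in (("page pattern", loose), ("-?????? variant", tight)):
        print(label, iam_match(pat, INTENDED), iam_match(pat, NEIGHBOUR))
```

The page's trailing `*` grants read access to any secret in the account whose name begins with the same string, so pick a secret name that is not a prefix of another secret's name, or use the tighter suffix pattern.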

Allow management of DynamoDB and Simple Queue Service

  • Create the third policy:

Info

You will need your AWS account ID.

...